RHEL 7 : exiv2 (RHSA-2019:2101)

high Nessus Plugin ID 127672

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2101 advisory.

The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments.

The following packages have been upgraded to a later upstream version: exiv2 (0.27.0). (BZ#1652637)

Security Fix(es):

* exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in src/iptc.cpp (CVE-2017-17724)

* exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp (CVE-2018-8976)

* exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (CVE-2018-8977)

* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)

* exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)

* exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress() (CVE-2018-10958)

* exiv2: SIGABRT by triggering an incorrect Safe::add call (CVE-2018-10998)

* exiv2: information leak via a crafted file (CVE-2018-11037)

* exiv2: integer overflow in getData function in preview.cpp (CVE-2018-12264)

* exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp (CVE-2018-12265)

* exiv2: heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp (CVE-2018-14046)

* exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282)

* exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581)

* exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)

* exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)

* exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)

* exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)

* exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)

* exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096)

* exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097)

* exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098)

* exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1482423

https://bugzilla.redhat.com/show_bug.cgi?id=1494443

https://bugzilla.redhat.com/show_bug.cgi?id=1494467

https://bugzilla.redhat.com/show_bug.cgi?id=1494776

https://bugzilla.redhat.com/show_bug.cgi?id=1494778

https://bugzilla.redhat.com/show_bug.cgi?id=1494780

https://bugzilla.redhat.com/show_bug.cgi?id=1494781

https://bugzilla.redhat.com/show_bug.cgi?id=1494782

https://bugzilla.redhat.com/show_bug.cgi?id=1494786

https://bugzilla.redhat.com/show_bug.cgi?id=1494787

https://bugzilla.redhat.com/show_bug.cgi?id=1649101

https://bugzilla.redhat.com/show_bug.cgi?id=1652637

https://bugzilla.redhat.com/show_bug.cgi?id=1656187

https://bugzilla.redhat.com/show_bug.cgi?id=1656195

https://bugzilla.redhat.com/show_bug.cgi?id=1660423

https://bugzilla.redhat.com/show_bug.cgi?id=1660424

https://bugzilla.redhat.com/show_bug.cgi?id=1660425

https://bugzilla.redhat.com/show_bug.cgi?id=1660426

https://bugzilla.redhat.com/show_bug.cgi?id=1664361

http://www.nessus.org/u?b347d973

http://www.nessus.org/u?cc7115e8

https://access.redhat.com/errata/RHSA-2019:2101

https://access.redhat.com/security/updates/classification/#low

https://bugzilla.redhat.com/show_bug.cgi?id=1465061

https://bugzilla.redhat.com/show_bug.cgi?id=1470729

https://bugzilla.redhat.com/show_bug.cgi?id=1470737

https://bugzilla.redhat.com/show_bug.cgi?id=1470913

https://bugzilla.redhat.com/show_bug.cgi?id=1470946

https://bugzilla.redhat.com/show_bug.cgi?id=1470950

https://bugzilla.redhat.com/show_bug.cgi?id=1471772

https://bugzilla.redhat.com/show_bug.cgi?id=1473888

https://bugzilla.redhat.com/show_bug.cgi?id=1473889

https://bugzilla.redhat.com/show_bug.cgi?id=1475123

https://bugzilla.redhat.com/show_bug.cgi?id=1475124

https://bugzilla.redhat.com/show_bug.cgi?id=1482295

https://bugzilla.redhat.com/show_bug.cgi?id=1482296

https://bugzilla.redhat.com/show_bug.cgi?id=1495043

https://bugzilla.redhat.com/show_bug.cgi?id=1524104

https://bugzilla.redhat.com/show_bug.cgi?id=1524107

https://bugzilla.redhat.com/show_bug.cgi?id=1524116

https://bugzilla.redhat.com/show_bug.cgi?id=1525055

https://bugzilla.redhat.com/show_bug.cgi?id=1537353

https://bugzilla.redhat.com/show_bug.cgi?id=1545237

https://bugzilla.redhat.com/show_bug.cgi?id=1561213

https://bugzilla.redhat.com/show_bug.cgi?id=1561217

https://bugzilla.redhat.com/show_bug.cgi?id=1566260

https://bugzilla.redhat.com/show_bug.cgi?id=1566735

https://bugzilla.redhat.com/show_bug.cgi?id=1578659

https://bugzilla.redhat.com/show_bug.cgi?id=1579481

https://bugzilla.redhat.com/show_bug.cgi?id=1579544

https://bugzilla.redhat.com/show_bug.cgi?id=1590993

https://bugzilla.redhat.com/show_bug.cgi?id=1590994

https://bugzilla.redhat.com/show_bug.cgi?id=1594627

https://bugzilla.redhat.com/show_bug.cgi?id=1601628

https://bugzilla.redhat.com/show_bug.cgi?id=1632490

https://bugzilla.redhat.com/show_bug.cgi?id=1635045

https://bugzilla.redhat.com/show_bug.cgi?id=1646555

https://bugzilla.redhat.com/show_bug.cgi?id=1649094

Plugin Details

Severity: High

ID: 127672

File Name: redhat-RHSA-2019-2101.nasl

Version: 1.9

Type: local

Agent: unix

Published: 8/12/2019

Updated: 11/6/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Low

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-9143

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:exiv2-doc, p-cpe:/a:redhat:enterprise_linux:exiv2-devel, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:exiv2-libs, p-cpe:/a:redhat:enterprise_linux:exiv2

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/6/2019

Vulnerability Publication Date: 2/12/2018

Reference Information

CVE: CVE-2017-17724, CVE-2018-10772, CVE-2018-10958, CVE-2018-10998, CVE-2018-10999, CVE-2018-11037, CVE-2018-12264, CVE-2018-12265, CVE-2018-14046, CVE-2018-17282, CVE-2018-17581, CVE-2018-18915, CVE-2018-19107, CVE-2018-19108, CVE-2018-19535, CVE-2018-19607, CVE-2018-20096, CVE-2018-20097, CVE-2018-20098, CVE-2018-20099, CVE-2018-4868, CVE-2018-8976, CVE-2018-8977, CVE-2018-9305, CVE-2019-9143

CWE: 119, 122, 125, 190, 200, 400, 476, 835

RHSA: 2019:2101