Buffer overflow in exiv2 (Alpine package)

1) Buffer overflow

EUVDB-ID: #VU28797

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-17402

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary in Exiv2::getULong() function in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp. A remote attacker can pass specially crafted data to the application, trigger memory corruption and crash the service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

exiv2 (Alpine package): 0.25-r0 - 0.26-r0

CPE2.3

• cpe:2.3:o:alpine:exiv2_alpine_package:0.25-r0:*:*:*:*:alpine_linux:*:3.3
• cpe:2.3:o:alpine:exiv2_alpine_package:0.26-r0:*:*:*:*:alpine_linux:*:3.9

External links

https://git.alpinelinux.org/aports/commit/?id=4b80232f5a78abca62be25e8a44812437d3f11ef
https://git.alpinelinux.org/aports/commit/?id=5f508d129e5e87f82b2c8e85793d0c5302c5ef23
https://git.alpinelinux.org/aports/commit/?id=3e8ab963c14f906a03b0638a994acc710657355b
https://git.alpinelinux.org/aports/commit/?id=f7de796e6aaa9b44eed3b77e1c0e66fff453d454
https://git.alpinelinux.org/aports/commit/?id=243172b8ed91455899894296f46693ffa3d4f695
https://git.alpinelinux.org/aports/commit/?id=3c5375cf80f0d9cec96b892955916e5f6f62d8b0
https://git.alpinelinux.org/aports/commit/?id=bab0ca7478ac3b2bb801ceadbd71523d043174b5
https://git.alpinelinux.org/aports/commit/?id=a1cb55c75af83953d7cb42730649b063fb88bb45

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.