SB2023122237 - Gentoo update for Exiv2
Published: December 22, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 26 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2020-18771)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or gain access to sensitive information.
The vulnerability exists due to global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp. A remote attacker can perform a denial of service attack or gain access to sensitive information.
2) Buffer overflow (CVE-ID: CVE-2020-18773)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the decode() function in iptc.cpp. A remote attacker can pass specially crafted file to the application and perform a denial of service (DoS) attack.
3) Division by zero (CVE-ID: CVE-2020-18774)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide by zero error within the printLong() function in tags_int.cpp. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
4) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2020-18899)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function. A remote attacker can pass specially crafted file to the application and perform a denial of service (DoS) attack.
5) Heap-based buffer overflow (CVE-ID: CVE-2021-29457)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim top open a specially crafted image, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`.
6) Out-of-bounds read (CVE-ID: CVE-2021-29458)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the Exiv2::Internal::CrwMap::encode() function. A remote attacker can pass a specially crafted file to the application and perform a denial of service attack.
7) Out-of-bounds read (CVE-ID: CVE-2021-29463)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within Exiv2::WebPImage::doWriteMetadata(). A remote attacker can pass a specially crafted file to the application and perform a denial of service attack.
8) Out-of-bounds write (CVE-ID: CVE-2021-29464)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Exiv2::Jp2Image::encodeJp2Header(). A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.
9) Out-of-bounds read (CVE-ID: CVE-2021-29470)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in Exiv2::Jp2Image::encodeJp2Header(). A remote attacker can pass specially crafted file to the application and perform a denial of service (DoS) attack.
10) Out-of-bounds read (CVE-ID: CVE-2021-29473)
The vulnerability allows a remote attacker to gain access to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when processing Exif, IPTC, XMP and ICC image metadata. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the affected application.
11) Information disclosure (CVE-ID: CVE-2021-29623)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a read of uninitialized memory flaw. A remote attacker can trick a victim to open a specially crafted image file and gain unauthorized access to sensitive information on the system.
12) Heap-based buffer overflow (CVE-ID: CVE-2021-31291)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in jp2image.cpp in Exiv2. A remote attacker can use crafted metadata to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Integer overflow (CVE-ID: CVE-2021-31292)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow CrwMap::encode0x1810 of Exiv2. A remote attacker can pass specially crafted data to the application, trigger integer overflow and crash the application.
14) Resource exhaustion (CVE-ID: CVE-2021-32617)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application uses an inefficient algorithm (quadratic complexity) when writing metadata into a crafted image file. A remote attacker can trick trigger resource exhaustion and perform a denial of service (DoS) attack.
15) Reachable Assertion (CVE-ID: CVE-2021-32815)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when handling metadata of image files. A remote attacker can pass a specially crafted image to the application and perform a denial of service (DoS) attack.
16) Infinite loop (CVE-ID: CVE-2021-34334)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when processing metadata of image files. A remote attacker can pass a specially crafted image to the application, consume all available system resources and cause denial of service conditions.
17) Division by zero (CVE-ID: CVE-2021-34335)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to divide by zero error in Exiv2::Internal::resolveLens0xffff(). A remote attacker can pass specially crafted file to the application and crash it.
18) NULL pointer dereference (CVE-ID: CVE-2021-37615)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Exiv2::Internal::resolveLens0x319(). A remote attacker can pass specially crafted file to the application and perform a denial of service (DoS) attack.
19) NULL pointer dereference (CVE-ID: CVE-2021-37616)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Exiv2::Internal::resolveLens0x8ff(). A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
20) Out-of-bounds read (CVE-ID: CVE-2021-37618)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in Exiv2::Jp2Image::printStructure(). A remote attacker can pass a specially crafted file to the application, trigger an out-of-bounds read error and perform a denial of service attack.
21) Out-of-bounds read (CVE-ID: CVE-2021-37619)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
22) Out-of-bounds read (CVE-ID: CVE-2021-37620)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when processing metadata of a crafted image file. A remote attacker can pass a specially crafted image file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
23) Infinite loop (CVE-ID: CVE-2021-37621)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in Image::printIFDStructure(). A remote attacker can consume all available system resources and cause denial of service conditions.
24) Infinite loop (CVE-ID: CVE-2021-37622)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in JpegBase::printStructure(). A remote attacker can consume all available system resources and cause denial of service conditions.
25) Infinite loop (CVE-ID: CVE-2021-37623)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in JpegBase::printStructure. A remote attacker can consume all available system resources and cause denial of service conditions.
26) Out-of-bounds write (CVE-ID: CVE-2023-44398)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in BmffImage::brotliUncompress. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.