Summary: | <media-gfx/exiv2-0.27.3: Multiple vulnerabilities (CVE-2019-{14368,14369,14370,17402,20421}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | kde |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://github.com/Exiv2/exiv2/issues/1019 | | |
Whiteboard: | B3 [nogsla cve] | | |
Package list: | =media-gfx/exiv2-0.27.3 amd64 arm arm64 ppc ppc64 sparc x86 | | |
Runtime testing required: | --- | | |

Description
GLSAMaker/CVETool Bot
2019-12-03 17:58:49 UTC
https://github.com/Exiv2/exiv2/commit/88054239e3c914862d13f6ac89a19a104fa2c076 (master)
https://github.com/Exiv2/exiv2/commit/50e9dd964a439da357798344ed1dd86edcadf0ec (0.27-branch)

Follow-up: https://github.com/Exiv2/exiv2/issues/1026

CVE-2019-20421 (https://nvd.nist.gov/vuln/detail/CVE-2019-20421):
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

@maintainer(s): ping

Issue is not solved so I'm wondering what the ping is about.

(In reply to Andreas Sturmlechner from comment #4)
> Issue is not solved so I'm wondering what the ping is about.

There are patches available for both CVEs (linked in the CVE ref) but you may prefer to wait for a release.

I guess we may as well wait given there is more activity now on the 0.27.3 release branch pending.

CVE-2019-14370 (https://nvd.nist.gov/vuln/detail/CVE-2019-14370):
In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service.

(In reply to GLSAMaker/CVETool Bot from comment #6)
> CVE-2019-14370 (https://nvd.nist.gov/vuln/detail/CVE-2019-14370):
> In Exiv2 0.27.99.0, there is an out-of-bounds read in
> Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial
> of service.

Bug: https://github.com/Exiv2/exiv2/issues/954

Looks fixed in master.

CVE-2019-14369 (https://nvd.nist.gov/vuln/detail/CVE-2019-14369):
Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file.

CVE-2019-14368 (https://nvd.nist.gov/vuln/detail/CVE-2019-14368):
Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9056211f5f9ea47334f8ca4aeaab38b9ce173163

commit 9056211f5f9ea47334f8ca4aeaab38b9ce173163
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-07-01 19:00:56 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-07-01 19:00:56 +0000

    media-gfx/exiv2: 0.27.3 version bump

    Bug: https://bugs.gentoo.org/701902
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

    media-gfx/exiv2/Manifest | 2 +-
    media-gfx/exiv2/{exiv2-0.27.3_rc2.ebuild => exiv2-0.27.3.ebuild} | 9 ++++-----
    2 files changed, 5 insertions(+), 6 deletions(-)

Tell us when ready, but I imagine it'll be a little bit.

arm64 stable

ppc64 stable

sparc stable

arm stable

Looking good on ppc.

    # cat exiv2-701902.report
    USE tests started on Mi 15. Jul 00:40:41 CEST 2020
    FEATURES=' test' USE='' succeeded for =media-gfx/exiv2-0.27.3
    USE='doc -examples nls -png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.3
    USE='doc examples nls -png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.3
    USE='-doc -examples -nls png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.3
    USE='-doc -examples nls png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.3
    USE='doc -examples nls png -webready -xmp' succeeded for =media-gfx/exiv2-0.27.3
    USE='-doc -examples nls -png webready -xmp' succeeded for =media-gfx/exiv2-0.27.3
    USE='doc -examples -nls png webready -xmp' succeeded for =media-gfx/exiv2-0.27.3
    USE='-doc examples -nls png webready -xmp' succeeded for =media-gfx/exiv2-0.27.3
    USE='doc examples -nls png webready -xmp' succeeded for =media-gfx/exiv2-0.27.3
    USE='doc examples nls png -webready xmp' succeeded for =media-gfx/exiv2-0.27.3
    USE='doc -examples nls -png webready xmp' succeeded for =media-gfx/exiv2-0.27.3
    USE='-doc -examples nls png webready xmp' succeeded for =media-gfx/exiv2-0.27.3
    revdep tests started on Mi 15. Jul 01:05:02 CEST 2020
    FEATURES=' test' USE='' succeeded for media-libs/libextractor
    FEATURES=' test' USE='' succeeded for media-gfx/ufraw
    FEATURES=' test' USE='python' succeeded for media-libs/gexiv2

ppc stable thanks to ernsteiswuerfel!

amd64 stable

x86 stable.

Maintainer(s), please cleanup.
Security, please vote.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d590f5ec305ccd3c2bb60f38f0fd47167f4dd3e

commit 3d590f5ec305ccd3c2bb60f38f0fd47167f4dd3e
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-07-18 01:00:22 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-07-18 08:31:58 +0000

    media-gfx/exiv2: Drop vulnerable 0.27.2

    Bug: https://bugs.gentoo.org/701902
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

    media-gfx/exiv2/Manifest | 1 -
    media-gfx/exiv2/exiv2-0.27.2.ebuild | 104 ---------------------
    .../exiv2/files/exiv2-0.27.2-libssh-0.9.2.patch | 56 -----------
    3 files changed, 161 deletions(-)

GLSA vote: no!

Closing.