Bug 652822 (CVE-2018-8976, CVE-2018-8977, CVE-2018-9145) - <media-gfx/exiv2-0.26_p20180811-r3: Multiple vulnerabilities
Summary: <media-gfx/exiv2-0.26_p20180811-r3: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-8976, CVE-2018-8977, CVE-2018-9145
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa++ cve]
Depends on: CVE-2018-10780, CVE-2018-10998, CVE-2018-10999, CVE-2018-11531, CVE-2018-12264, CVE-2018-12265
Reported: 2018-04-08 21:59 UTC by GLSAMaker/CVETool Bot
Modified: 2018-11-24 21:46 UTC

Description GLSAMaker/CVETool Bot gentoo-dev 2018-04-08 21:59:05 UTC
CVE-2018-9306 (https://nvd.nist.gov/vuln/detail/CVE-2018-9306):
  In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c
  could result in a crash or information leak, related to the "!= 0x1c" case.

CVE-2018-9305 (https://nvd.nist.gov/vuln/detail/CVE-2018-9305):
  In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c
  could result in a crash or information leak, related to the "== 0x1c" case.

CVE-2018-9304 (https://nvd.nist.gov/vuln/detail/CVE-2018-9304):
  In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in
  bigtiffimage.cpp could result in denial of service.

CVE-2018-9303 (https://nvd.nist.gov/vuln/detail/CVE-2018-9303):
  In Exiv2 0.26, an assertion failure in BigTiffImage::readData in
  bigtiffimage.cpp results in an abort.

CVE-2018-9146 (https://nvd.nist.gov/vuln/detail/CVE-2018-9146):
  In Exiv2 0.26, there is an out-of-bounds read in
  Exiv2::IptcData::printStructure in image.cpp, a different vulnerability than
  CVE-2017-17724. It could result in denial of service or information
  disclosure.

CVE-2018-9145 (https://nvd.nist.gov/vuln/detail/CVE-2018-9145):
  In Exiv2 0.26, there is a reachable assertion abort in the function
  Exiv2::DataBuf::DataBuf at include/exiv2/types.hpp.

CVE-2018-9144 (https://nvd.nist.gov/vuln/detail/CVE-2018-9144):
  In Exiv2 0.26, there is an out-of-bounds read in
  Exiv2::Internal::binaryToString in image.cpp. It could result in denial of
  service or information disclosure.

CVE-2018-8977 (https://nvd.nist.gov/vuln/detail/CVE-2018-8977):
  In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in
  canonmn_int.cpp allows remote attackers to cause a denial of service
  (invalid memory access) via a crafted file.

CVE-2018-8976 (https://nvd.nist.gov/vuln/detail/CVE-2018-8976):
  In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of
  service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a
  crafted file.
Comment 1 Andreas Sturmlechner gentoo-dev 2018-09-21 14:31:01 UTC
CVE-2018-9303, CVE-2018-9304 do not affect any version in tree.

CVE-2018-9145: Fixed by https://github.com/Exiv2/exiv2/pull/316, already part of 
media-gfx/exiv2-0.26_p20180811-r1.

CVE-2018-8977: Fixed by https://github.com/Exiv2/exiv2/pull/260

CVE-2018-8976: Fixed by https://github.com/Exiv2/exiv2/pull/256

CVE-2018-9306:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724.
Reason: This candidate is a reservation duplicate of CVE-2017-17724.

CVE-2018-9146:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724.

CVE-2018-9144: links to https://github.com/Exiv2/exiv2/issues/254, declared duplicate of CVE-2017-17724 by upstream

CVE-2018-9305: suspected duplicate of above as well, inquired upstream.
Comment 2 Larry the Git Cow gentoo-dev 2018-09-21 14:50:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=524916ca71deef81fd09c9514ade715d2b4acfaa

commit 524916ca71deef81fd09c9514ade715d2b4acfaa
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-21 14:44:33 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-21 14:44:33 +0000

    media-gfx/exiv2: Tarball respun for CVE-2018-8976, CVE-2018-8977
    
    Custom packed tarball based on upstream 0.26 branch as of 2018-08-11,
    with additional fixes from git master.
    
    Bug: https://bugs.gentoo.org/652822
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 media-gfx/exiv2/Manifest                       |   1 +
 media-gfx/exiv2/exiv2-0.26_p20180811-r3.ebuild | 123 +++++++++++++++++++++++++
 2 files changed, 124 insertions(+)
Comment 3 Andreas Sturmlechner gentoo-dev 2018-11-11 22:27:11 UTC
Cleanup/KDE done here.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2018-11-13 06:47:37 UTC
Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2018-11-24 21:45:55 UTC
This issue was resolved and addressed in
 GLSA 201811-14 at https://security.gentoo.org/glsa/201811-14
by GLSA coordinator Aaron Bauman (b-man).
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2018-11-24 21:46:58 UTC
This issue was resolved and addressed in
 GLSA 201811-14 at https://security.gentoo.org/glsa/201811-14
by GLSA coordinator Aaron Bauman (b-man).