Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 643554 (CVE-2017-18005, CVE-2018-4868) - <media-gfx/exiv2-0.26_p20180319: Multiple vulnerabilities
Summary: <media-gfx/exiv2-0.26_p20180319: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-18005, CVE-2018-4868
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/Exiv2/exiv2/issues/71
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: 647808
Blocks:
  Show dependency tree
 
Reported: 2018-01-05 14:34 UTC by GLSAMaker/CVETool Bot
Modified: 2018-05-29 12:43 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-01-05 14:34:31 UTC
CVE-2018-4868 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-4868):
  The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26
  allows remote attackers to cause a denial of service (excessive memory
  allocation) via a crafted file.

CVE-2017-18005 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18005):
  Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong
  function in value.cpp, related to crafted metadata in a TIFF file.

CVE-2017-17669 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17669):
  There is a heap-based buffer over-read in the
  Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2
  0.26. A crafted PNG file will lead to a remote denial of service attack.


@Maintainers please confirm if we are affected. Call for stabilization when ready if necessary.

Thank you
Comment 1 Andreas Sturmlechner gentoo-dev 2018-02-16 23:26:00 UTC
See also: https://github.com/Exiv2/exiv2/issues/168
Comment 2 Andreas Sturmlechner gentoo-dev 2018-02-16 23:27:26 UTC
Apparently fix is being prepared in https://github.com/Exiv2/exiv2/pull/199
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-03-27 02:02:39 UTC
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2018-4868 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-4868):
>   The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26
>   allows remote attackers to cause a denial of service (excessive memory
>   allocation) via a crafted file.
> 
> CVE-2017-18005 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18005):
>   Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong
>   function in value.cpp, related to crafted metadata in a TIFF file.
> 

CVE-2018-4868 ipatch https://github.com/Exiv2/exiv2/pull/207/commits

CVE-2017-18005 is fixed in maser via https://github.com/Exiv2/exiv2/commit/59b148aee9402426e4d4cd7db5be6fa5966a68b5

CVE-2017-17669 is covered in bug #640978
Comment 4 Larry the Git Cow gentoo-dev 2018-04-25 17:53:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dc8557a38b42c16b34728619c94d0c89476251a

commit 1dc8557a38b42c16b34728619c94d0c89476251a
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-04-25 17:40:31 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-04-25 17:53:27 +0000

    media-gfx/exiv2: Add 0.26_p20180319 snapshot
    
    Fixing CVE-2017-17669, CVE-2017-17725, CVE-2017-18005, CVE-2018-4868
    
    Bug: https://bugs.gentoo.org/626214
    Bug: https://bugs.gentoo.org/643554
    Bug: https://bugs.gentoo.org/647808
    Bug: https://bugs.gentoo.org/640978
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 media-gfx/exiv2/Manifest                           |   1 +
 media-gfx/exiv2/exiv2-0.26_p20180319.ebuild        | 136 ++++++
 .../exiv2-0.26_p20180319-CVE-2017-18005.patch      | 484 +++++++++++++++++++++
 .../files/exiv2-0.26_p20180319-CVE-2018-4868.patch |  39 ++
 4 files changed, 660 insertions(+)}
Comment 5 Larry the Git Cow gentoo-dev 2018-05-29 12:32:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40c32e8333488b1965fa1de32d97a7403786ab0b

commit 40c32e8333488b1965fa1de32d97a7403786ab0b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-05-29 12:13:07 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-05-29 12:31:09 +0000

    media-gfx/exiv2: Drop 0.26_p20171104 (security cleanup)
    
    Bug: https://bugs.gentoo.org/647808
    Bug: https://bugs.gentoo.org/640978
    Bug: https://bugs.gentoo.org/643554
    Closes: https://bugs.gentoo.org/626214
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 media-gfx/exiv2/Manifest                    |   1 -
 media-gfx/exiv2/exiv2-0.26_p20171104.ebuild | 128 ----------------------------
 2 files changed, 129 deletions(-)
Comment 6 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-05-29 12:43:23 UTC
GLSA Vote: No