CVE-2018-4868 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-4868):
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.

CVE-2017-18005 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18005):
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.

CVE-2017-17669 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17669):
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.

@Maintainers, please confirm if we are affected. Call for stabilization when ready if necessary.

Thank you
See also: https://github.com/Exiv2/exiv2/issues/168
Apparently a fix is being prepared in https://github.com/Exiv2/exiv2/pull/199
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2018-4868 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-4868):
> The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26
> allows remote attackers to cause a denial of service (excessive memory
> allocation) via a crafted file.
>
> CVE-2017-18005 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18005):
> Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong
> function in value.cpp, related to crafted metadata in a TIFF file.

CVE-2018-4868 patch: https://github.com/Exiv2/exiv2/pull/207/commits
CVE-2017-18005 is fixed in master via https://github.com/Exiv2/exiv2/commit/59b148aee9402426e4d4cd7db5be6fa5966a68b5
CVE-2017-17669 is covered in bug #640978
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dc8557a38b42c16b34728619c94d0c89476251a

commit 1dc8557a38b42c16b34728619c94d0c89476251a
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-04-25 17:40:31 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-04-25 17:53:27 +0000

    media-gfx/exiv2: Add 0.26_p20180319 snapshot

    Fixing CVE-2017-17669, CVE-2017-17725, CVE-2017-18005, CVE-2018-4868

    Bug: https://bugs.gentoo.org/626214
    Bug: https://bugs.gentoo.org/643554
    Bug: https://bugs.gentoo.org/647808
    Bug: https://bugs.gentoo.org/640978
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 media-gfx/exiv2/Manifest                              |   1 +
 media-gfx/exiv2/exiv2-0.26_p20180319.ebuild           | 136 ++++++
 .../exiv2-0.26_p20180319-CVE-2017-18005.patch         | 484 +++++++++++++++++++++
 .../files/exiv2-0.26_p20180319-CVE-2018-4868.patch    |  39 ++
 4 files changed, 660 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40c32e8333488b1965fa1de32d97a7403786ab0b

commit 40c32e8333488b1965fa1de32d97a7403786ab0b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-05-29 12:13:07 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-05-29 12:31:09 +0000

    media-gfx/exiv2: Drop 0.26_p20171104 (security cleanup)

    Bug: https://bugs.gentoo.org/647808
    Bug: https://bugs.gentoo.org/640978
    Bug: https://bugs.gentoo.org/643554
    Closes: https://bugs.gentoo.org/626214
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 media-gfx/exiv2/Manifest                    |   1 -
 media-gfx/exiv2/exiv2-0.26_p20171104.ebuild | 128 ----------------------------
 2 files changed, 129 deletions(-)
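The two commits above record the boundary that matters to an administrator: media-gfx/exiv2-0.26_p20180319 carries the fixes, and the older 0.26_p20171104 snapshot was removed because it does not. The following shell snippet is an added example, not code from this bug or from Gentoo's portage; it checks the versions installed on a host (read from the VDB under /var/db/pkg, which Gentoo maintains) against that boundary. It assumes version strings of the shape MAJOR.MINOR[_pYYYYMMDD][-rN] and implements only that slice of portage's version ordering; real PMS ordering is richer (alpha/beta/rc suffixes, micro components), so treat anything outside that shape as unhandled rather than trusting the verdict.

```shell
#!/bin/sh
# Added example (not from the bug or from portage). Decides whether an installed
# media-gfx/exiv2 version string is at or past the snapshot the bug records as
# fixing CVE-2017-17669/17725/18005 and CVE-2018-4868.
# Assumption: versions look like MAJOR.MINOR[_pYYYYMMDD][-rN]; portage's full
# ordering (PMS) is richer and is deliberately not reimplemented here.

FIXED="0.26_p20180319"

# split_ver VERSION: print "MAJOR MINOR PATCHDATE REVISION", zeros when absent.
# "0.26_p20180319-r1" -> "0 26 20180319 1", "0.26" -> "0 26 0 0"
split_ver() {
    v=$1
    rev=0
    case $v in *-r*) rev=${v##*-r}; v=${v%-r*} ;; esac
    p=0
    case $v in *_p*) p=${v##*_p}; v=${v%_p*} ;; esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    echo "$major $minor $p $rev"
}

# ver_ge A B: succeed if A >= B under the simplified ordering above.
# A version with a _p suffix sorts above the same version without one,
# matching portage's treatment of the _p suffix.
ver_ge() {
    set -- $(split_ver "$1") $(split_ver "$2")
    # $1..$4 are A's fields, $5..$8 are B's fields
    [ "$1" -gt "$5" ] && return 0
    [ "$1" -lt "$5" ] && return 1
    [ "$2" -gt "$6" ] && return 0
    [ "$2" -lt "$6" ] && return 1
    [ "$3" -gt "$7" ] && return 0
    [ "$3" -lt "$7" ] && return 1
    [ "$4" -ge "$8" ]
}

# exiv2_fixed VERSION: succeed (0) if VERSION is >= the fixed snapshot,
# fail (1) if it is one of the affected versions.
exiv2_fixed() {
    ver_ge "$1" "$FIXED"
}

# On a Gentoo host, enumerate what is actually installed from the VDB.
# No network and no portageq needed; the loop is a no-op where /var/db/pkg is absent.
for dir in /var/db/pkg/media-gfx/exiv2-*; do
    [ -d "$dir" ] || continue
    v=${dir##*/exiv2-}
    if exiv2_fixed "$v"; then
        echo "media-gfx/exiv2-$v: carries the fixes"
    else
        echo "media-gfx/exiv2-$v: affected, upgrade to >=media-gfx/exiv2-$FIXED"
    fi
done
```

Run it as root or any user that can read /var/db/pkg; the verdict is only as good as the version-shape assumption above, so on a system with unusual versions, compare against `emerge -pv media-gfx/exiv2` instead.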
GLSA Vote: No