CVE-2018-9306 (https://nvd.nist.gov/vuln/detail/CVE-2018-9306): In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "!= 0x1c" case.
CVE-2018-9305 (https://nvd.nist.gov/vuln/detail/CVE-2018-9305): In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
CVE-2018-9304 (https://nvd.nist.gov/vuln/detail/CVE-2018-9304): In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.
CVE-2018-9303 (https://nvd.nist.gov/vuln/detail/CVE-2018-9303): In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.
CVE-2018-9146 (https://nvd.nist.gov/vuln/detail/CVE-2018-9146): In Exiv2 0.26, there is an out-of-bounds read in Exiv2::IptcData::printStructure in image.cpp, a different vulnerability than CVE-2017-17724. It could result in denial of service or information disclosure.
CVE-2018-9145 (https://nvd.nist.gov/vuln/detail/CVE-2018-9145): In Exiv2 0.26, there is a reachable assertion abort in the function Exiv2::DataBuf::DataBuf at include/exiv2/types.hpp.
CVE-2018-9144 (https://nvd.nist.gov/vuln/detail/CVE-2018-9144): In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure.
CVE-2018-8977 (https://nvd.nist.gov/vuln/detail/CVE-2018-8977): In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.
CVE-2018-8976 (https://nvd.nist.gov/vuln/detail/CVE-2018-8976): In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.
CVE-2018-9303, CVE-2018-9304: do not affect any version in tree.
CVE-2018-9145: Fixed by https://github.com/Exiv2/exiv2/pull/316, already part of media-gfx/exiv2-0.26_p20180811-r1.
CVE-2018-8977: Fixed by https://github.com/Exiv2/exiv2/pull/260
CVE-2018-8976: Fixed by https://github.com/Exiv2/exiv2/pull/256
CVE-2018-9306: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724.
CVE-2018-9146: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724.
CVE-2018-9144: links to https://github.com/Exiv2/exiv2/issues/254, declared a duplicate of CVE-2017-17724 by upstream.
CVE-2018-9305: suspected duplicate of the above as well; inquired upstream.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=524916ca71deef81fd09c9514ade715d2b4acfaa

commit 524916ca71deef81fd09c9514ade715d2b4acfaa
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-21 14:44:33 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-21 14:44:33 +0000

    media-gfx/exiv2: Tarball respun for CVE-2018-8976, CVE-2018-8977

    Custom packed tarball based on upstream 0.26 branch as of 2018-08-11,
    with additional fixes from git master.

    Bug: https://bugs.gentoo.org/652822
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 media-gfx/exiv2/Manifest                       |   1 +
 media-gfx/exiv2/exiv2-0.26_p20180811-r3.ebuild | 123 +++++++++++++++++++++++++
 2 files changed, 124 insertions(+)
Cleanup/KDE done here.
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.
This issue was resolved and addressed in GLSA 201811-14 at https://security.gentoo.org/glsa/201811-14 by GLSA coordinator Aaron Bauman (b-man).