Lucene search

K
mageia
Gentoo FoundationMGASA-2021-0240
HistoryJun 08, 2021 - 7:46 p.m.

Updated exiv2 packages fix security vulnerabilities

2021-06-0819:46:03
Gentoo Foundation
advisories.mageia.org
9

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.0%

The updated packages fix security vulnerabilities: Heap-based buffer overflow in Jp2Image::readMetadata(). (CVE-2021-3482) Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata. (CVE-2021-29457) Out-of-bounds read in Exiv2::Internal::CrwMap::encode. (CVE-2021-29458) Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-29463) Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-29464) Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header. (CVE-2021-29470) Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata. (CVE-2021-29473) Read of uninitialized memory may lead to information leak. (CVE-2021-29623) DoS due to quadratic complexity in ProcessUTF8Portion. (CVE-2021-32617)

OSVersionArchitecturePackageVersionFilename
Mageia7noarchexiv2< 0.27.1-3.5exiv2-0.27.1-3.5.mga7
Mageia8noarchexiv2< 0.27.3-1.1exiv2-0.27.3-1.1.mga8
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.0%

Related for MGASA-2021-0240