Exiv2 vulnerabilities in EulerOS 2.0 SP8 (EulerOS-SA-2019-2277) include denial of service through crafted image files
Reporter | Title | Published | Views | Family All 139 |
---|---|---|---|---|
OpenVAS | Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2019-2277) | 23 Jan 202000:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DLA-1551-1) | 21 Oct 201800:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2021-1782) | 3 May 202100:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2019-2710) | 23 Jan 202000:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2023:4070-1) | 16 Oct 202300:00 | – | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-4056-1) | 16 Jul 201900:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2019-2576) | 23 Jan 202000:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2021-2367) | 15 Sep 202100:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2019-2375) | 23 Jan 202000:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2019-2144) | 23 Jan 202000:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(131343);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/09");
script_cve_id(
"CVE-2017-14865",
"CVE-2017-18005",
"CVE-2018-16336",
"CVE-2018-19535",
"CVE-2019-13112"
);
script_name(english:"EulerOS 2.0 SP8 : exiv2 (EulerOS-SA-2019-2277)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the exiv2 packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26
allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted image file,
a different vulnerability than
CVE-2018-10999.(CVE-2018-16336)
- In Exiv2 0.26 and previous versions,
PngChunk::readRawProfile in pngchunk_int.cpp may cause
a denial of service (application crash due to a
heap-based buffer over-read) via a crafted PNG
file.(CVE-2018-19535)
- A PngChunk::parseChunkContent uncontrolled memory
allocation in Exiv2 through 0.27.1 allows an attacker
to cause a denial of service (crash due to an
std::bad_alloc exception) via a crafted PNG image
file.(CVE-2019-13112)
- Exiv2 0.26 has a Null Pointer Dereference in the
Exiv2::DataValue::toLong function in value.cpp, related
to crafted metadata in a TIFF file.(CVE-2017-18005)
- There is a heap-based buffer overflow in the
Exiv2::us2Data function of types.cpp in Exiv2 0.26. A
Crafted input will lead to a denial of service
attack.(CVE-2017-14865)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2277
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6b0aca9e");
script_set_attribute(attribute:"solution", value:
"Update the affected exiv2 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13112");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2019/11/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:exiv2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:exiv2-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["exiv2-0.26-12.h7.eulerosv2r8",
"exiv2-libs-0.26-12.h7.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "exiv2");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo