CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
77.9%
According to the versions of the exiv2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert.(CVE-2021-29470)
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert.(CVE-2021-29458)
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.(CVE-2021-3482)
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert
.(CVE-2021-29463)
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert
.(CVE-2021-29464)
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4.(CVE-2021-29623)
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than
reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as rm
.(CVE-2021-32617)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152325);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/06");
script_cve_id(
"CVE-2021-29458",
"CVE-2021-29463",
"CVE-2021-29464",
"CVE-2021-29470",
"CVE-2021-29623",
"CVE-2021-32617",
"CVE-2021-3482"
);
script_name(english:"EulerOS 2.0 SP8 : exiv2 (EulerOS-SA-2021-2293)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the exiv2 packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- Exiv2 is a command-line utility and C++ library for
reading, writing, deleting, and modifying the metadata
of image files. An out-of-bounds read was found in
Exiv2 versions v0.27.3 and earlier. The out-of-bounds
read is triggered when Exiv2 is used to write metadata
into a crafted image file. An attacker could
potentially exploit the vulnerability to cause a denial
of service by crashing Exiv2, if they can trick the
victim into running Exiv2 on a crafted image file. Note
that this bug is only triggered when writing the
metadata, which is a less frequently used Exiv2
operation than reading the metadata. For example, to
trigger the bug in the Exiv2 command-line application,
you need to add an extra command-line argument such as
insert.(CVE-2021-29470)
- Exiv2 is a command-line utility and C++ library for
reading, writing, deleting, and modifying the metadata
of image files. An out-of-bounds read was found in
Exiv2 versions v0.27.3 and earlier. The out-of-bounds
read is triggered when Exiv2 is used to write metadata
into a crafted image file. An attacker could
potentially exploit the vulnerability to cause a denial
of service by crashing Exiv2, if they can trick the
victim into running Exiv2 on a crafted image file. Note
that this bug is only triggered when writing the
metadata, which is a less frequently used Exiv2
operation than reading the metadata. For example, to
trigger the bug in the Exiv2 command-line application,
you need to add an extra command-line argument such as
insert.(CVE-2021-29458)
- A flaw was found in Exiv2 in versions before and
including 0.27.4-RC1. Improper input validation of the
rawData.size property in Jp2Image::readMetadata() in
jp2image.cpp can lead to a heap-based buffer overflow
via a crafted JPG image containing malicious EXIF
data.(CVE-2021-3482)
- Exiv2 is a command-line utility and C++ library for
reading, writing, deleting, and modifying the metadata
of image files. An out-of-bounds read was found in
Exiv2 versions v0.27.3 and earlier. The out-of-bounds
read is triggered when Exiv2 is used to write metadata
into a crafted image file. An attacker could
potentially exploit the vulnerability to cause a denial
of service by crashing Exiv2, if they can trick the
victim into running Exiv2 on a crafted image file. Note
that this bug is only triggered when writing the
metadata, which is a less frequently used Exiv2
operation than reading the metadata. For example, to
trigger the bug in the Exiv2 command-line application,
you need to add an extra command-line argument such as
`insert`.(CVE-2021-29463)
- Exiv2 is a command-line utility and C++ library for
reading, writing, deleting, and modifying the metadata
of image files. A heap buffer overflow was found in
Exiv2 versions v0.27.3 and earlier. The heap overflow
is triggered when Exiv2 is used to write metadata into
a crafted image file. An attacker could potentially
exploit the vulnerability to gain code execution, if
they can trick the victim into running Exiv2 on a
crafted image file. Note that this bug is only
triggered when writing the metadata, which is a less
frequently used Exiv2 operation than reading the
metadata. For example, to trigger the bug in the Exiv2
command-line application, you need to add an extra
command-line argument such as `insert`.(CVE-2021-29464)
- Exiv2 is a C++ library and a command-line utility to
read, write, delete and modify Exif, IPTC, XMP and ICC
image metadata. A read of uninitialized memory was
found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a
command-line utility and C++ library for reading,
writing, deleting, and modifying the metadata of image
files. The read of uninitialized memory is triggered
when Exiv2 is used to read the metadata of a crafted
image file. An attacker could potentially exploit the
vulnerability to leak a few bytes of stack memory, if
they can trick the victim into running Exiv2 on a
crafted image file. The bug is fixed in version
v0.27.4.(CVE-2021-29623)
- Exiv2 is a command-line utility and C++ library for
reading, writing, deleting, and modifying the metadata
of image files. An inefficient algorithm (quadratic
complexity) was found in Exiv2 versions v0.27.3 and
earlier. The inefficient algorithm is triggered when
Exiv2 is used to write metadata into a crafted image
file. An attacker could potentially exploit the
vulnerability to cause a denial of service, if they can
trick the victim into running Exiv2 on a crafted image
file. The bug is fixed in version v0.27.4. Note that
this bug is only triggered when _writing_ the metadata,
which is a less frequently used Exiv2 operation than
_reading_ the metadata. For example, to trigger the bug
in the Exiv2 command-line application, you need to add
an extra command-line argument such as
`rm`.(CVE-2021-32617)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2293
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b24e2649");
script_set_attribute(attribute:"solution", value:
"Update the affected exiv2 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-29464");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:exiv2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:exiv2-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["exiv2-0.26-12.h16.eulerosv2r8",
"exiv2-libs-0.26-12.h16.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "exiv2");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29623
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482
www.nessus.org/u?b24e2649
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
77.9%