CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
79.1%
According to the versions of the exiv2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert.(CVE-2021-29458)
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert
.(CVE-2021-29473)
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file.(CVE-2021-32617)
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.(CVE-2019-17402)
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.(CVE-2018-16336)
Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.(CVE-2018-19607)
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.(CVE-2018-11531)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(153280);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/30");
script_cve_id(
"CVE-2018-11531",
"CVE-2018-16336",
"CVE-2018-19607",
"CVE-2019-17402",
"CVE-2021-29458",
"CVE-2021-29473",
"CVE-2021-32617"
);
script_name(english:"EulerOS 2.0 SP2 : exiv2 (EulerOS-SA-2021-2367)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the exiv2 package installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :
- Exiv2 is a command-line utility and C++ library for
reading, writing, deleting, and modifying the metadata
of image files. An out-of-bounds read was found in
Exiv2 versions v0.27.3 and earlier. The out-of-bounds
read is triggered when Exiv2 is used to write metadata
into a crafted image file. An attacker could
potentially exploit the vulnerability to cause a denial
of service by crashing Exiv2, if they can trick the
victim into running Exiv2 on a crafted image file. Note
that this bug is only triggered when writing the
metadata, which is a less frequently used Exiv2
operation than reading the metadata. For example, to
trigger the bug in the Exiv2 command-line application,
you need to add an extra command-line argument such as
insert.(CVE-2021-29458)
- Exiv2 is a C++ library and a command-line utility to
read, write, delete and modify Exif, IPTC, XMP and ICC
image metadata. An out-of-bounds read was found in
Exiv2 versions v0.27.3 and earlier. Exiv2 is a
command-line utility and C++ library for reading,
writing, deleting, and modifying the metadata of image
files. The out-of-bounds read is triggered when Exiv2
is used to write metadata into a crafted image file. An
attacker could potentially exploit the vulnerability to
cause a denial of service by crashing Exiv2, if they
can trick the victim into running Exiv2 on a crafted
image file. Note that this bug is only triggered when
writing the metadata, which is a less frequently used
Exiv2 operation than reading the metadata. For example,
to trigger the bug in the Exiv2 command-line
application, you need to add an extra command-line
argument such as `insert`.(CVE-2021-29473)
- Exiv2 is a command-line utility and C++ library for
reading, writing, deleting, and modifying the metadata
of image files. An inefficient algorithm (quadratic
complexity) was found in Exiv2 versions v0.27.3 and
earlier. The inefficient algorithm is triggered when
Exiv2 is used to write metadata into a crafted image
file. An attacker could potentially exploit the
vulnerability to cause a denial of service, if they can
trick the victim into running Exiv2 on a crafted image
file.(CVE-2021-32617)
- Exiv2 0.27.2 allows attackers to trigger a crash in
Exiv2::getULong in types.cpp when called from
Exiv2::Internal::CiffDirectory::readDirectory in
crwimage_int.cpp, because there is no validation of the
relationship of the total size to the offset and
size.(CVE-2019-17402)
- Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26
allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted image file,
a different vulnerability than
CVE-2018-10999.(CVE-2018-16336)
- Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2
allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via a
crafted file.(CVE-2018-19607)
- Exiv2 0.26 has a heap-based buffer overflow in getData
in preview.cpp.(CVE-2018-11531)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2367
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5015edaf");
script_set_attribute(attribute:"solution", value:
"Update the affected exiv2 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-11531");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2021/09/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:exiv2-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["exiv2-libs-0.23-6.h8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "exiv2");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16336
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32617
www.nessus.org/u?5015edaf
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
79.1%