CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
88.6%
This update for exiv2 fixes the following issues :
CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257)
CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060995)
CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060996)
CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1061000)
CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that could lead to a remote denial of service attack via crafted input.
(bsc#1051188)
CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A crafted PNG file would lead to a remote denial of service attack.
(bsc#1072928)
CVE-2018-10958: In types.cpp a large size value might have lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952)
CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (bsc#1093095)
CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in preview.cpp. (bsc#1095070)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:3882-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(119144);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/19");
script_cve_id(
"CVE-2017-11591",
"CVE-2017-11683",
"CVE-2017-14859",
"CVE-2017-14862",
"CVE-2017-14864",
"CVE-2017-17669",
"CVE-2018-10958",
"CVE-2018-10998",
"CVE-2018-11531"
);
script_name(english:"SUSE SLED12 / SLES12 Security Update : exiv2 (SUSE-SU-2018:3882-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for exiv2 fixes the following issues :
CVE-2017-11591: A floating point exception in the Exiv2::ValueType
function could lead to a remote denial of service attack via crafted
input. (bsc#1050257)
CVE-2017-14864: An invalid memory address dereference was discovered
in Exiv2::getULong in types.cpp. The vulnerability caused a
segmentation fault and application crash, which lead to denial of
service. (bsc#1060995)
CVE-2017-14862: An invalid memory address dereference was discovered
in Exiv2::DataValue::read in value.cpp. The vulnerability caused a
segmentation fault and application crash, which lead to denial of
service. (bsc#1060996)
CVE-2017-14859: An invalid memory address dereference was discovered
in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused
a segmentation fault and application crash, which lead to denial of
service. (bsc#1061000)
CVE-2017-11683: There is a reachable assertion in the
Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that
could lead to a remote denial of service attack via crafted input.
(bsc#1051188)
CVE-2017-17669: There is a heap-based buffer over-read in the
Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A
crafted PNG file would lead to a remote denial of service attack.
(bsc#1072928)
CVE-2018-10958: In types.cpp a large size value might have lead to a
SIGABRT during an attempt at memory allocation for an
Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952)
CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers
to cause a denial of service (SIGABRT) by triggering an incorrect
Safe::add call. (bsc#1093095)
CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in
preview.cpp. (bsc#1095070)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1050257");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1051188");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1060995");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1060996");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1061000");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1072928");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1092952");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1093095");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1095070");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-11591/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-11683/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14859/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14862/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14864/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-17669/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-10958/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-10998/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-11531/");
# https://www.suse.com/support/update/announcement/2018/suse-su-20183882-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?446c265a");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2018-2772=1
SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2018-2772=1
SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP3-2018-2772=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-11531");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/24");
script_set_attribute(attribute:"patch_publication_date", value:"2018/11/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:exiv2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:exiv2-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libexiv2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libexiv2-12-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"3", reference:"exiv2-debuginfo-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"exiv2-debugsource-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libexiv2-12-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libexiv2-12-debuginfo-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"exiv2-debuginfo-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"exiv2-debugsource-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libexiv2-12-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libexiv2-12-debuginfo-0.23-12.5.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "exiv2");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11591
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11683
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14859
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17669
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11531
www.nessus.org/u?446c265a
bugzilla.suse.com/show_bug.cgi?id=1050257
bugzilla.suse.com/show_bug.cgi?id=1051188
bugzilla.suse.com/show_bug.cgi?id=1060995
bugzilla.suse.com/show_bug.cgi?id=1060996
bugzilla.suse.com/show_bug.cgi?id=1061000
bugzilla.suse.com/show_bug.cgi?id=1072928
bugzilla.suse.com/show_bug.cgi?id=1092952
bugzilla.suse.com/show_bug.cgi?id=1093095
bugzilla.suse.com/show_bug.cgi?id=1095070
www.suse.com/security/cve/CVE-2017-11591/
www.suse.com/security/cve/CVE-2017-11683/
www.suse.com/security/cve/CVE-2017-14859/
www.suse.com/security/cve/CVE-2017-14862/
www.suse.com/security/cve/CVE-2017-14864/
www.suse.com/security/cve/CVE-2017-17669/
www.suse.com/security/cve/CVE-2018-10958/
www.suse.com/security/cve/CVE-2018-10998/
www.suse.com/security/cve/CVE-2018-11531/
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
88.6%