Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3852-1.NASL
HistoryOct 20, 2023 - 12:00 a.m.

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Exiv2 vulnerabilities (USN-3852-1)

2023-10-2000:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
ubuntu
exiv2
vulnerabilities
denial of service
segmentation fault
remote attack
cve-2017-11591
cve-2017-11683
cve-2017-14859
cve-2017-14862
cve-2017-14864
cve-2017-17669
cve-2017-9239
cve-2018-16336
cve-2018-17581
usn-3852-1
JSON

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3852-1 advisory.

  • There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. (CVE-2017-11591)

  • There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. (CVE-2017-11683)

  • An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2017-14859)

  • An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26.
    The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
    (CVE-2017-14862)

  • An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
    (CVE-2017-14864)

  • There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.
    (CVE-2017-17669)

  • An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file. (CVE-2017-9239)

  • Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. (CVE-2018-16336)

  • CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. (CVE-2018-17581)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3852-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(183626);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2017-9239",
    "CVE-2017-11591",
    "CVE-2017-11683",
    "CVE-2017-14859",
    "CVE-2017-14862",
    "CVE-2017-14864",
    "CVE-2017-17669",
    "CVE-2018-16336",
    "CVE-2018-17581"
  );
  script_xref(name:"USN", value:"3852-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Exiv2 vulnerabilities (USN-3852-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple
vulnerabilities as referenced in the USN-3852-1 advisory.

  - There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a
    remote denial of service attack via crafted input. (CVE-2017-11591)

  - There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of
    Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. (CVE-2017-11683)

  - An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2
    0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of
    service. (CVE-2017-14859)

  - An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26.
    The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
    (CVE-2017-14862)

  - An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The
    vulnerability causes a segmentation fault and application crash, which leads to denial of service.
    (CVE-2017-14864)

  - There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of
    pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.
    (CVE-2017-17669)

  - An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the
    program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use
    the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a
    crafted tiff file. (CVE-2017-9239)

  - Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of
    service (heap-based buffer over-read) via a crafted image file, a different vulnerability than
    CVE-2018-10999. (CVE-2018-16336)

  - CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a
    recursive function, leading to Denial of service. (CVE-2018-17581)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3852-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11591");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:exiv2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libexiv2-12");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libexiv2-14");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libexiv2-dev");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'exiv2', 'pkgver': '0.23-1ubuntu2.2'},
    {'osver': '14.04', 'pkgname': 'libexiv2-12', 'pkgver': '0.23-1ubuntu2.2'},
    {'osver': '14.04', 'pkgname': 'libexiv2-dev', 'pkgver': '0.23-1ubuntu2.2'},
    {'osver': '16.04', 'pkgname': 'exiv2', 'pkgver': '0.25-2.1ubuntu16.04.3'},
    {'osver': '16.04', 'pkgname': 'libexiv2-14', 'pkgver': '0.25-2.1ubuntu16.04.3'},
    {'osver': '16.04', 'pkgname': 'libexiv2-dev', 'pkgver': '0.25-2.1ubuntu16.04.3'},
    {'osver': '18.04', 'pkgname': 'exiv2', 'pkgver': '0.25-3.1ubuntu0.18.04.2'},
    {'osver': '18.04', 'pkgname': 'libexiv2-14', 'pkgver': '0.25-3.1ubuntu0.18.04.2'},
    {'osver': '18.04', 'pkgname': 'libexiv2-dev', 'pkgver': '0.25-3.1ubuntu0.18.04.2'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'exiv2 / libexiv2-12 / libexiv2-14 / libexiv2-dev');
}
VendorProductVersionCPE
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linuxexiv2p-cpe:/a:canonical:ubuntu_linux:exiv2
canonicalubuntu_linuxlibexiv2-12p-cpe:/a:canonical:ubuntu_linux:libexiv2-12
canonicalubuntu_linuxlibexiv2-14p-cpe:/a:canonical:ubuntu_linux:libexiv2-14
canonicalubuntu_linuxlibexiv2-devp-cpe:/a:canonical:ubuntu_linux:libexiv2-dev

Related

openvas 30
ubuntu 2
nessus 44
debian 8
osv 22
veracode 10
cvelist 11
prion 11
debiancve 11
cve 11
redhatcve 10
ubuntucve 13
suse 2
mageia 1
fedora 1
redhat 2
centos 1
gentoo 1
amazon 1
oraclelinux 2
almalinux 1
rocky 1
openvas
openvas
Ubuntu: Security Advisory (USN-3852-1)
2019-01-11 00:00:00
Debian: Security Advisory (DLA-1147-1)
2018-02-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3882-2)
2021-04-19 00:00:00
ubuntu
ubuntu
Exiv2 vulnerabilities
2019-01-10 00:00:00
Exiv2 vulnerabilities
2018-07-03 00:00:00
nessus
nessus
Debian DLA-1147-1 : exiv2 security update
2017-10-27 00:00:00
SUSE SLED12 / SLES12 Security Update : exiv2 (SUSE-SU-2018:3882-1)
2018-11-26 00:00:00
SUSE SLED12 / SLES12 Security Update : exiv2 (SUSE-SU-2018:3882-2)
2018-12-13 00:00:00
debian
debian
[SECURITY] [DLA 1147-1] exiv2 security update
2017-10-26 17:13:56
[SECURITY] [DLA 1551-1] exiv2 security update
2018-10-21 04:39:45
[SECURITY] [DLA 963-1] exiv2 security update
2017-05-29 22:18:30
osv
osv
exiv2 - security update
2017-10-26 00:00:00
CVE-2018-16336
2018-09-02 03:29:00
exiv2 - security update
2018-10-20 00:00:00
veracode
veracode
Denial Of Service
2018-09-03 04:50:33
Denial Of Service (DoS)
2018-08-10 02:06:50
Denial Of Service (DoS)
2018-06-01 05:21:59
cvelist
cvelist
CVE-2018-16336
2018-09-02 03:00:00
CVE-2017-9239
2017-05-26 10:00:00
CVE-2017-11591
2017-07-24 00:00:00
prion
prion
Heap overflow
2018-09-02 03:29:00
Design/Logic Flaw
2017-05-26 10:29:00
Input validation
2017-07-24 01:29:00
debiancve
debiancve
CVE-2018-16336
2018-09-02 03:29:00
CVE-2018-17581
2018-09-28 09:29:00
CVE-2017-11591
2017-07-24 01:29:00
cve
cve
CVE-2018-16336
2018-09-02 03:29:00
CVE-2017-11591
2017-07-24 01:29:00
CVE-2017-11683
2017-07-27 06:29:00
redhatcve
redhatcve
CVE-2018-16336
2018-09-03 19:49:50
CVE-2017-9239
2017-05-26 10:48:55
CVE-2017-14862
2017-10-10 11:49:57
ubuntucve
ubuntucve
CVE-2018-16336
2018-09-01 00:00:00
CVE-2017-14862
2017-09-28 00:00:00
CVE-2017-14864
2017-09-28 00:00:00
suse
suse
Security update for exiv2 (moderate)
2018-07-14 03:09:16
Security update for exiv2 (moderate)
2020-04-09 00:00:00
mageia
mageia
Updated exiv2 packages fix security vulnerabilities & bugs
2017-10-30 22:23:17
fedora
fedora
[SECURITY] Fedora 27 Update: exiv2-0.26-12.fc27
2018-08-09 16:53:01
redhat
redhat
(RHSA-2019:2101) Low: exiv2 security, bug fix, and enhancement update
2019-08-06 08:00:57
(RHSA-2020:1577) Moderate: exiv2 security, bug fix, and enhancement update
2020-04-28 08:52:31
centos
centos
exiv2 security update
2019-09-18 20:54:21
gentoo
gentoo
Exiv2: Multiple vulnerabilities
2018-11-24 00:00:00
amazon
amazon
Low: exiv2
2019-10-21 18:01:00
oraclelinux
oraclelinux
exiv2 security, bug fix, and enhancement update
2019-08-13 00:00:00
exiv2 security, bug fix, and enhancement update
2020-05-05 00:00:00
almalinux
almalinux
Moderate: exiv2 security, bug fix, and enhancement update
2020-04-28 08:52:31
rocky
rocky
exiv2 security, bug fix, and enhancement update
2020-04-28 08:52:31
JSON
Related for UBUNTU_USN-3852-1.NASL
openvas30ubuntu2nessus44debian8osv22veracode10cvelist11prion11debiancve11cve11redhatcve10ubuntucve13suse2mageia1fedora1redhat2centos1gentoo1amazon1oraclelinux2almalinux1rocky1