Debian Local Security Checks : Debian LTS: Security Advisory for exiv2 (DLA-1691-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.891691

Categoría: Debian Local Security Checks

Título: Debian LTS: Security Advisory for exiv2 (DLA-1691-1)

Resumen: Several issues have been found in exiv2, a EXIF/IPTC/XMP metadata;manipulation tool.;;CVE-2018-17581;A stack overflow due to a recursive function call causing excessive;stack consumption which leads to denial of service.;;CVE-2018-19107;A heap based buffer over-read caused by an integer overflow could;result in a denial of service via a crafted file.;;CVE-2018-19108;There seems to be an infinite loop inside a function that can be;activated by a crafted image.;;CVE-2018-19535;A heap based buffer over-read caused could result in a denial of;service via a crafted file.;;CVE-2018-20097;A crafted image could result in a denial of service.

Descripción: Summary:
Several issues have been found in exiv2, a EXIF/IPTC/XMP metadata
manipulation tool.

CVE-2018-17581
A stack overflow due to a recursive function call causing excessive
stack consumption which leads to denial of service.

CVE-2018-19107
A heap based buffer over-read caused by an integer overflow could
result in a denial of service via a crafted file.

CVE-2018-19108
There seems to be an infinite loop inside a function that can be
activated by a crafted image.

CVE-2018-19535
A heap based buffer over-read caused could result in a denial of
service via a crafted file.

CVE-2018-20097
A crafted image could result in a denial of service.

Affected Software/OS:
exiv2 on Debian Linux

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
0.24-4.1+deb8u3.

We recommend that you upgrade your exiv2 packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-17581
Common Vulnerability Exposure (CVE) ID: CVE-2018-19107
Common Vulnerability Exposure (CVE) ID: CVE-2018-19108
Common Vulnerability Exposure (CVE) ID: CVE-2018-19535
Common Vulnerability Exposure (CVE) ID: CVE-2018-20097

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.891691
Categoría:	Debian Local Security Checks
Título:	Debian LTS: Security Advisory for exiv2 (DLA-1691-1)
Resumen:	Several issues have been found in exiv2, a EXIF/IPTC/XMP metadata;manipulation tool.;;CVE-2018-17581;A stack overflow due to a recursive function call causing excessive;stack consumption which leads to denial of service.;;CVE-2018-19107;A heap based buffer over-read caused by an integer overflow could;result in a denial of service via a crafted file.;;CVE-2018-19108;There seems to be an infinite loop inside a function that can be;activated by a crafted image.;;CVE-2018-19535;A heap based buffer over-read caused could result in a denial of;service via a crafted file.;;CVE-2018-20097;A crafted image could result in a denial of service.
Descripción:	Summary: Several issues have been found in exiv2, a EXIF/IPTC/XMP metadata manipulation tool. CVE-2018-17581 A stack overflow due to a recursive function call causing excessive stack consumption which leads to denial of service. CVE-2018-19107 A heap based buffer over-read caused by an integer overflow could result in a denial of service via a crafted file. CVE-2018-19108 There seems to be an infinite loop inside a function that can be activated by a crafted image. CVE-2018-19535 A heap based buffer over-read caused could result in a denial of service via a crafted file. CVE-2018-20097 A crafted image could result in a denial of service. Affected Software/OS: exiv2 on Debian Linux Solution: For Debian 8 'Jessie', these problems have been fixed in version 0.24-4.1+deb8u3. We recommend that you upgrade your exiv2 packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-17581 Common Vulnerability Exposure (CVE) ID: CVE-2018-19107 Common Vulnerability Exposure (CVE) ID: CVE-2018-19108 Common Vulnerability Exposure (CVE) ID: CVE-2018-19535 Common Vulnerability Exposure (CVE) ID: CVE-2018-20097
Copyright	Copyright (C) 2019 Greenbone Networks GmbH