SB2021092125 - Multiple vulnerabilities in GNU Exiv2
Published: September 21, 2021 Updated: December 22, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Infinite loop (CVE-ID: CVE-2021-37623)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in JpegBase::printStructure. A remote attacker can consume all available system resources and cause denial of service conditions.
2) Infinite loop (CVE-ID: CVE-2021-37622)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in JpegBase::printStructure(). A remote attacker can consume all available system resources and cause denial of service conditions.
3) Infinite loop (CVE-ID: CVE-2021-37621)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in Image::printIFDStructure(). A remote attacker can consume all available system resources and cause denial of service conditions.
4) Out-of-bounds read (CVE-ID: CVE-2021-37619)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
5) Out-of-bounds read (CVE-ID: CVE-2021-37618)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in Exiv2::Jp2Image::printStructure(). A remote attacker can pass a specially crafted file to the application, trigger an out-of-bounds read error and perform a denial of service attack.
6) NULL pointer dereference (CVE-ID: CVE-2021-37616)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Exiv2::Internal::resolveLens0x8ff(). A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2021-37615)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Exiv2::Internal::resolveLens0x319(). A remote attacker can pass specially crafted file to the application and perform a denial of service (DoS) attack.
8) Division by zero (CVE-ID: CVE-2021-34335)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to divide by zero error in Exiv2::Internal::resolveLens0xffff(). A remote attacker can pass specially crafted file to the application and crash it.
Remediation
Install update from vendor's website.
References
- https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq
- https://github.com/Exiv2/exiv2/pull/1790
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC/
- https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv
- https://github.com/Exiv2/exiv2/pull/1788
- https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html
- https://github.com/Exiv2/exiv2/pull/1778
- https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg
- https://github.com/Exiv2/exiv2/pull/1752
- https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
- https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
- https://github.com/Exiv2/exiv2/pull/1759
- https://github.com/Exiv2/exiv2/pull/1758
- https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
- https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
- https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
- https://github.com/Exiv2/exiv2/pull/1750