Bug 1050257 – VUL-0: CVE-2017-11591: exiv2: Floating point exception in Exiv2::ValueType

Bug 1050257 - (CVE-2017-11591) VUL-0: CVE-2017-11591: exiv2: Floating point exception in Exiv2::ValueType

(CVE-2017-11591)
Summary:	VUL-0: CVE-2017-11591: exiv2: Floating point exception in Exiv2::ValueType

Status:	NEW

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/189049/
Whiteboard:	CVSSv2:SUSE:CVE-2017-11591:4.3:(AV:N/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-07-24 15:36 UTC by Johannes Segitz
Modified:	2022-11-29 17:40 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Reproducer (2.00 KB, image/tiff) 2017-07-24 15:36 UTC, Johannes Segitz	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2017-07-24 15:36:49 UTC

Created attachment 733600 [details]
Reproducer

rh#1473888

There is a Floating point exception in the Exiv2::ValueType function in Exiv2
0.26 that will lead to a remote denial of service attack via crafted input.

exiv2 POC8

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1473888
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11591

Comment 1 Dirk Mueller 2017-10-17 12:42:04 UTC

submitted for Leap 42.2 and 42.3 (this really isn't "P4 / Low" by any standards imho, but allows code execution)

Comment 2 Bernhard Wiedemann 2017-10-17 14:01:05 UTC

This is an autogenerated message for OBS integration:
This bug (1050257) was mentioned in
https://build.opensuse.org/request/show/534433 42.2 / exiv2
https://build.opensuse.org/request/show/534434 42.3 / exiv2

Comment 3 Johannes Segitz 2017-10-18 14:37:27 UTC

(In reply to Dirk Mueller from comment #1)
Thanks. We don't use the Priority field, only severity. But normal is also to low, increasing to major

Comment 4 Swamp Workflow Management 2017-10-20 22:09:03 UTC

openSUSE-SU-2017:2818-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1050257,1051188,1060996,1061000,1061003
CVE References: CVE-2017-11591,CVE-2017-11683,CVE-2017-14859,CVE-2017-14862,CVE-2017-14865
Sources used:
openSUSE Leap 42.3 (src):    exiv2-0.25-10.1
openSUSE Leap 42.2 (src):    exiv2-0.25-7.3.1

Comment 6 Dirk Mueller 2018-05-30 11:50:09 UTC

submitted to Factory now.

Comment 7 Swamp Workflow Management 2018-05-30 12:40:09 UTC

This is an autogenerated message for OBS integration:
This bug (1050257) was mentioned in
https://build.opensuse.org/request/show/613049 Factory / exiv2

Comment 10 Swamp Workflow Management 2018-07-05 10:11:14 UTC

SUSE-SU-2018:1882-1: An update that fixes 15 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1048883,1050257,1051188,1054590,1054592,1054593,1060995,1060996,1061000,1061023
CVE References: CVE-2017-11337,CVE-2017-11338,CVE-2017-11339,CVE-2017-11340,CVE-2017-11553,CVE-2017-11591,CVE-2017-11592,CVE-2017-11683,CVE-2017-12955,CVE-2017-12956,CVE-2017-12957,CVE-2017-14859,CVE-2017-14860,CVE-2017-14862,CVE-2017-14864
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    exiv2-0.26-6.3.1

Comment 11 Swamp Workflow Management 2018-07-14 01:09:43 UTC

openSUSE-SU-2018:1961-1: An update that fixes 15 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1048883,1050257,1051188,1054590,1054592,1054593,1060995,1060996,1061000,1061023
CVE References: CVE-2017-11337,CVE-2017-11338,CVE-2017-11339,CVE-2017-11340,CVE-2017-11553,CVE-2017-11591,CVE-2017-11592,CVE-2017-11683,CVE-2017-12955,CVE-2017-12956,CVE-2017-12957,CVE-2017-14859,CVE-2017-14860,CVE-2017-14862,CVE-2017-14864
Sources used:
openSUSE Leap 15.0 (src):    exiv2-0.26-lp150.5.3.1

Comment 16 Swamp Workflow Management 2018-11-23 20:16:09 UTC

SUSE-SU-2018:3882-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1050257,1051188,1060995,1060996,1061000,1072928,1092952,1093095,1095070
CVE References: CVE-2017-11591,CVE-2017-11683,CVE-2017-14859,CVE-2017-14862,CVE-2017-14864,CVE-2017-17669,CVE-2018-10958,CVE-2018-10998,CVE-2018-11531
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    exiv2-0.23-12.5.1
SUSE Linux Enterprise Server 12-SP3 (src):    exiv2-0.23-12.5.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    exiv2-0.23-12.5.1

Comment 17 Swamp Workflow Management 2018-12-12 20:12:49 UTC

SUSE-SU-2018:3882-2: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1050257,1051188,1060995,1060996,1061000,1072928,1092952,1093095,1095070
CVE References: CVE-2017-11591,CVE-2017-11683,CVE-2017-14859,CVE-2017-14862,CVE-2017-14864,CVE-2017-17669,CVE-2018-10958,CVE-2018-10998,CVE-2018-11531
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    exiv2-0.23-12.5.1
SUSE Linux Enterprise Server 12-SP4 (src):    exiv2-0.23-12.5.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    exiv2-0.23-12.5.1

Comment 28 Swamp Workflow Management 2022-11-23 20:26:36 UTC

SUSE-SU-2022:4208-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1050257,1095070,1110282,1119559,1119560,1119562,1142677,1142678,1153577,1186231,1189337
CVE References: CVE-2017-11591,CVE-2018-11531,CVE-2018-17581,CVE-2018-20097,CVE-2018-20098,CVE-2018-20099,CVE-2019-13109,CVE-2019-13110,CVE-2019-17402,CVE-2021-29473,CVE-2021-32815
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    exiv2-0_26-0.26-150400.9.21.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src):    exiv2-0_26-0.26-150400.9.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Swamp Workflow Management 2022-11-29 17:40:45 UTC

SUSE-SU-2022:4276-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1050257,1095070,1110282,1119559,1119560,1119562,1142677,1142678,1153577,1186231,1189337
CVE References: CVE-2017-11591,CVE-2018-11531,CVE-2018-17581,CVE-2018-20097,CVE-2018-20098,CVE-2018-20099,CVE-2019-13109,CVE-2019-13110,CVE-2019-17402,CVE-2021-29473,CVE-2021-32815
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    exiv2-0.26-150000.6.26.1
SUSE Manager Server 4.1 (src):    exiv2-0.26-150000.6.26.1
SUSE Manager Retail Branch Server 4.1 (src):    exiv2-0.26-150000.6.26.1
SUSE Manager Proxy 4.1 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server for SAP 15 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Server 15-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    exiv2-0.26-150000.6.26.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    exiv2-0.26-150000.6.26.1
SUSE Enterprise Storage 7 (src):    exiv2-0.26-150000.6.26.1
SUSE Enterprise Storage 6 (src):    exiv2-0.26-150000.6.26.1
SUSE CaaS Platform 4.0 (src):    exiv2-0.26-150000.6.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.