First Last Prev Next    This bug is not in your last search results.
Bug 1054593 - (CVE-2017-12955) VUL-0: CVE-2017-12955: exiv2: There is a heap-buffer-overflow in basicio.cpp of exiv2.
(CVE-2017-12955)
VUL-0: CVE-2017-12955: exiv2: There is a heap-buffer-overflow in basicio.cpp...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Other
Leap 42.3
Other Other
: P3 - Medium : Minor (vote)
: ---
Assigned To: Security Team bot
E-mail List
https://smash.suse.de/issue/190822/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-19 11:31 UTC by Marcus Meissner
Modified: 2022-10-28 17:28 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
POC11 (100 bytes, application/octet-stream)
2017-08-19 11:34 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-08-19 11:31:00 UTC 
rh#1482295

There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The
vulnerability causes an out-of-bounds write in
Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or
possibly unspecified other impact.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1482295
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12955
Comment 1 Marcus Meissner 2017-08-19 11:33:51 UTC 
does only seem to trigger on factory, not on leap.

did not find yet exactly where/how
Comment 2 Marcus Meissner 2017-08-19 11:34:41 UTC 
Created attachment 737352 [details]
POC11

QA REPRODUCER:

exiv2 POC11

should not crash
Comment 3 Alexander Bergmann 2018-04-13 15:25:21 UTC 
Moving to version Leap 42.3, even that only Factory seams to be affected.
Comment 4 Dirk Mueller 2018-05-30 11:46:03 UTC 
was fixed as part of https://github.com/Exiv2/exiv2/pull/120 which I added to the factory package now.
Comment 5 Swamp Workflow Management 2018-05-30 12:40:13 UTC 
This is an autogenerated message for OBS integration:
This bug (1054593) was mentioned in
https://build.opensuse.org/request/show/613049 Factory / exiv2
Comment 7 Swamp Workflow Management 2018-07-05 10:11:52 UTC 
SUSE-SU-2018:1882-1: An update that fixes 15 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1048883,1050257,1051188,1054590,1054592,1054593,1060995,1060996,1061000,1061023
CVE References: CVE-2017-11337,CVE-2017-11338,CVE-2017-11339,CVE-2017-11340,CVE-2017-11553,CVE-2017-11591,CVE-2017-11592,CVE-2017-11683,CVE-2017-12955,CVE-2017-12956,CVE-2017-12957,CVE-2017-14859,CVE-2017-14860,CVE-2017-14862,CVE-2017-14864
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    exiv2-0.26-6.3.1
Comment 8 Andreas Stieger 2018-07-13 18:04:27 UTC 
done
Comment 9 Swamp Workflow Management 2018-07-14 01:10:21 UTC 
openSUSE-SU-2018:1961-1: An update that fixes 15 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1048883,1050257,1051188,1054590,1054592,1054593,1060995,1060996,1061000,1061023
CVE References: CVE-2017-11337,CVE-2017-11338,CVE-2017-11339,CVE-2017-11340,CVE-2017-11553,CVE-2017-11591,CVE-2017-11592,CVE-2017-11683,CVE-2017-12955,CVE-2017-12956,CVE-2017-12957,CVE-2017-14859,CVE-2017-14860,CVE-2017-14862,CVE-2017-14864
Sources used:
openSUSE Leap 15.0 (src):    exiv2-0.26-lp150.5.3.1
First Last Prev Next    This bug is not in your last search results.