Bugzilla – Bug 1061023
VUL-0: exiv2: It is a heap-buffer-overflow in Exiv2::Jp2Image::readMetadata (jp2image.cpp:277)
Last modified: 2020-01-16 13:50:55 UTC
rh#1494776 There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. References: https://bugzilla.redhat.com/show_bug.cgi?id=1494776 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14860 http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14860.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14860
Created attachment 744748 [details] proof of concept
This does not apply to exiv 0.25 or older, the relevant code part was only added in 0.26.
Unfixed in Factory
filed https://github.com/Exiv2/exiv2/issues/336 for this
SUSE-SU-2018:1882-1: An update that fixes 15 vulnerabilities is now available. Category: security (moderate) Bug References: 1048883,1050257,1051188,1054590,1054592,1054593,1060995,1060996,1061000,1061023 CVE References: CVE-2017-11337,CVE-2017-11338,CVE-2017-11339,CVE-2017-11340,CVE-2017-11553,CVE-2017-11591,CVE-2017-11592,CVE-2017-11683,CVE-2017-12955,CVE-2017-12956,CVE-2017-12957,CVE-2017-14859,CVE-2017-14860,CVE-2017-14862,CVE-2017-14864 Sources used: SUSE Linux Enterprise Module for Desktop Applications 15 (src): exiv2-0.26-6.3.1
openSUSE-SU-2018:1961-1: An update that fixes 15 vulnerabilities is now available. Category: security (moderate) Bug References: 1048883,1050257,1051188,1054590,1054592,1054593,1060995,1060996,1061000,1061023 CVE References: CVE-2017-11337,CVE-2017-11338,CVE-2017-11339,CVE-2017-11340,CVE-2017-11553,CVE-2017-11591,CVE-2017-11592,CVE-2017-11683,CVE-2017-12955,CVE-2017-12956,CVE-2017-12957,CVE-2017-14859,CVE-2017-14860,CVE-2017-14862,CVE-2017-14864 Sources used: openSUSE Leap 15.0 (src): exiv2-0.26-lp150.5.3.1
(In reply to Johannes Segitz from comment #3) > Unfixed in Factory This is fixed in factory: ------------------------------------------------------------------- Wed May 30 11:36:20 UTC 2018 - dmueller@suse.com - update to latest 0.26 branch: * obsoletes 0001-Use-more-GNUInstallDirs.patch d4e4288d839d0d9546a05986771f8738c382060c.patch gcc-version-check.patch 7f5b0778fa301b68c1c88e3820ec3afbd09dd0a5.patch fix-crash.patch * adds exiv2-update-to-0.26-branch.patch * Fixes CVE-2017-14864 (bsc#1060995), CVE-2017-14862 (bsc#1060996), CVE-2017-14859 (bsc#1061000) CVE-2017-14860 (bsc#1048883), CVE-2017-11337 (bsc#1048883), CVE-2017-11338 (bsc#1048883), CVE-2017-11339 (bsc#1048883), CVE-2017-11340 (bsc#1048883), CVE-2017-11553, CVE-2017-12955 (bsc#1054593), CVE-2017-12956, CVE-2017-12957, CVE-2017-11683, CVE-2017-11592, CVE-2017-11591 (bsc#1050257)
can we close this?
Fixed in Leap 15.1.