Bug 1085585 - (CVE-2017-18234) VUL-0: CVE-2017-18234: exempi: It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/202082/
CVSSv3:RedHat:CVE-2017-18234:3.3:(AV:...
Reported: 2018-03-16 06:11 UTC by Karol Babioch
Modified: 2018-11-23 15:41 UTC (History)
Found By: Security Response Team
Description Karol Babioch 2018-03-16 06:11:51 UTC
CVE-2017-18234

An issue was discovered in Exempi before 2.4.3. It allows remote attackers to
cause a denial of service (invalid memcpy with resultant use-after-free) or
possibly have unspecified other impact via a .pdf file containing JPEG data,
related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp,
XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and
XMPFiles/source/FormatSupport/TIFF_Support.hpp.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18234
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18234.html
https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c
https://bugs.freedesktop.org/show_bug.cgi?id=100397
Comment 3 Yifan Jiang 2018-06-27 11:14:19 UTC
Zheng Qiang,

Please help on submitting the fix. Thank you!
Comment 5 Swamp Workflow Management 2018-07-26 19:10:12 UTC
SUSE-SU-2018:2067-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1085295,1085585
CVE References: CVE-2017-18234,CVE-2018-7730
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    exempi-2.0.2-4.5.1
SUSE Linux Enterprise Server 11-SP4 (src):    exempi-2.0.2-4.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    exempi-2.0.2-4.5.1
Comment 6 Johannes Segitz 2018-09-07 10:39:09 UTC
Submit for SLE 11 got declined due to missing fixes. Please include them and resubmit. Thank you.
Comment 8 Qiang Zheng 2018-09-10 02:34:49 UTC
Hi kbabioch,

I find you submitted two CVE patches to SUSE:SLE-12:Update and only one patch to SUSE:SLE-11:Update. I guess that's why the submit for SLE 11 got declined; please correct me if I misunderstand.
Comment 10 Karol Babioch 2018-09-10 07:25:46 UTC
(In reply to Qiang Zheng from comment #8)
> Hi kbabioch,
> 
> I find you submitted two cve patches to SUSE:SLE-12:Update and only one patch
> to SUSE:SLE-11:Update, I guess that's why the submit for SLE 11 got
> declined, please correct if I misunderstand.

As far as I remember, I've submitted fixes for all affected vulnerabilities a while back based on my analysis, which is the following for the CVEs filed against exempi:

CVE-2018-7728:
			na			42dbac60 -> 2.2.0
Comment 11 Karol Babioch 2018-09-10 07:28:43 UTC
Unfortunately I've messed up my previous comment and cannot edit it. Here is my analysis:

CVE-2018-7728
	SLE-12: affected
	SLE-11: not affected
	introduced with upstream commit 42dbac60, which first appeared in 2.2.0

CVE-2018-7729
	SLE-12: not affected
	SLE-11: not affected
	introduced with upstream commit 4652015f, which first appeared in 2.4.0

CVE-2018-7730
	SLE-12: affected
	SLE-11: affected
	introduced with very first upstream commit (9d7d7c3)

CVE-2018-7731
	SLE-12: not affected
	SLE-11: not affected
	WebP handler was introduced with 664d0a11 (2.4.0), so does not affect us.

CVE-2017-18234
	SLE-12: affected
	SLE-11: affected
Comment 12 Karol Babioch 2018-09-10 07:32:18 UTC
According to the decline message the following fixes are missing and the current status of our internal tracking is:

- CVE-2017-18238 -> SUSE:SLE-11:Update: not affected, SUSE:SLE-12:Update: affected
- CVE-2017-18233 -> SUSE:SLE-11:Update: not affected, SUSE:SLE-12:Update: affected
- CVE-2017-18236 -> SUSE:SLE-11:Update: not affected, SUSE:SLE-12:Update: affected
Comment 15 Qiang Zheng 2018-09-14 00:23:59 UTC
Missing fixes for bsc#1085589, bsc#1085584 and bsc#1085583 have been submitted.
Comment 16 Swamp Workflow Management 2018-10-24 16:48:19 UTC
SUSE-SU-2018:3389-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1085295,1085297,1085583,1085584,1085585,1085589
CVE References: CVE-2017-18233,CVE-2017-18234,CVE-2017-18236,CVE-2017-18238,CVE-2018-7728,CVE-2018-7730
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    exempi-2.2.1-5.7.1
SUSE Linux Enterprise Server 12-SP3 (src):    exempi-2.2.1-5.7.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    exempi-2.2.1-5.7.1
Comment 17 Marcus Meissner 2018-10-26 06:38:03 UTC
was released