Bug 1092096 - (CVE-2018-10772) VUL-1: exiv2: There is a Segmentation fault when the function Exiv2::tEXtToDataBuf() is finished
(CVE-2018-10772)
VUL-1: exiv2: There is a Segmentation fault when the function Exiv2::tEXtToDa...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/205321/
CVSSv3:SUSE:CVE-2018-10772:3.3:(AV:L...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-05-07 08:09 UTC by Karol Babioch
Modified: 2022-10-28 17:29 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Reproducer (266 bytes, image/png)
2018-05-07 08:09 UTC, Karol Babioch
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-05-07 08:09:40 UTC
Created attachment 769172 [details]
Reproducer

rh#1566260

The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted file.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1566260
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10772
Comment 1 Karol Babioch 2018-05-07 08:09:50 UTC
exiv2 -pR POC 
STRUCTURE OF PNG FILE: POC
 address | chunk |  length | data                           | checksum
       8 | IHDR  |      13 | ... ... ....                   | 0x44a48ac6
      33 | QEXt  |      25 | Software.Adobe ImageReady      | 0x71c9653c
      70 | PL    |      15 | ..... ... ....                 | 0x44a48ac6
      97 | tEXt  |      25 | Software.Adobe IpHYsReady      | 0x71c9653c
Speicherzugriffsfehler (Speicherabzug geschrieben)
Comment 2 Dirk Mueller 2022-09-26 19:21:18 UTC
this only affects SLE-15. older release do not have the tExtToDataBuf function.

submitted as update.
Comment 8 Swamp Workflow Management 2022-10-17 16:33:58 UTC
SUSE-SU-2022:3598-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1076579,1086798,1086810,1092096,1114690,1185447,1186192,1188733,1188756,1189330,1189331,1189332,1189333,1189636,1189780
CVE References: CVE-2018-10772,CVE-2018-18915,CVE-2018-5772,CVE-2018-8976,CVE-2018-8977,CVE-2020-18898,CVE-2020-18899,CVE-2021-29470,CVE-2021-31291,CVE-2021-31292,CVE-2021-32617,CVE-2021-37618,CVE-2021-37619,CVE-2021-37620,CVE-2021-37621
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    exiv2-0.26-150000.6.16.1
openSUSE Leap 15.3 (src):    exiv2-0.26-150000.6.16.1
SUSE Manager Server 4.1 (src):    exiv2-0.26-150000.6.16.1
SUSE Manager Retail Branch Server 4.1 (src):    exiv2-0.26-150000.6.16.1
SUSE Manager Proxy 4.1 (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise Server for SAP 15 (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise Server 15-LTSS (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    exiv2-0.26-150000.6.16.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    exiv2-0.26-150000.6.16.1
SUSE Enterprise Storage 7 (src):    exiv2-0.26-150000.6.16.1
SUSE Enterprise Storage 6 (src):    exiv2-0.26-150000.6.16.1
SUSE CaaS Platform 4.0 (src):    exiv2-0.26-150000.6.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.