ID CVE-2018-10998
Summary An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.
References
Vulnerable Configurations
  • Exiv2 0.26
    cpe:2.3:a:exiv2:exiv2:0.26
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-388
CAPEC
  • Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping
    An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes any stack traces produced by error messages. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages, but by attempting a large number of message variants they may find a variant that triggers desired behavior. In this attack, the purpose of the fuzzing is to cause the targeted application to return an error including a stack trace, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. The stack trace enumerates the chain of methods that led up to the point where the error was encountered. This can not only reveal the names of the methods (some of which may have known weaknesses) but possibly also the location of class files and libraries as well as parameter values. In some cases, the stack trace might even disclose sensitive configuration or user information.
  • Fuzzing
    Fuzzing is a software testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. An attacker can leverage fuzzing to try to identify weaknesses in the system. For instance, fuzzing can help an attacker discover certain assumptions made in the system about user input. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions without really knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve his goals.
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3700-1.NASL
    description It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2018-10958, CVE-2018-10998) It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this to access sensitive information. (CVE-2018-10999) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11531) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to access sensitive information. (CVE-2018-12264, CVE-2018-12265). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110922
    published 2018-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110922
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : exiv2 vulnerabilities (USN-3700-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4238.NASL
    description Several vulnerabilities have been discovered in Exiv2, a C++ library and a command line utility to manage image metadata which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110910
    published 2018-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110910
    title Debian DSA-4238-1 : exiv2 - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-8B67A5C7E2.NASL
    description Exiv2 update with security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120594
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120594
    title Fedora 28 : exiv2 (2018-8b67a5c7e2)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201811-14.NASL
    description The remote host is affected by the vulnerability described in GLSA-201811-14 (Exiv2: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Exiv2. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service condition or obtain sensitive information via a specially crafted file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 119134
    published 2018-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119134
    title GLSA-201811-14 : Exiv2: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-871FA4D189.NASL
    description Exiv2 update with security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 111620
    published 2018-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111620
    title Fedora 27 : exiv2 (2018-871fa4d189)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1402.NASL
    description Several vulnerabilities have been discovered in exiv2, a C++ library and a command line utility to manage image metadata, resulting in denial of service, heap-based buffer over-read/overflow, memory exhaustion, and application crash. For Debian 8 'Jessie', these problems have been fixed in version 0.24-4.1+deb8u1. We recommend that you upgrade your exiv2 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 110728
    published 2018-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110728
    title Debian DLA-1402-1 : exiv2 security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3882-1.NASL
    description This update for exiv2 fixes the following issues : CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257) CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which led to denial of service. (bsc#1060995) CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which led to denial of service. (bsc#1060996) CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which led to denial of service. (bsc#1061000) CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that could lead to a remote denial of service attack via crafted input. (bsc#1051188) CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A crafted PNG file would lead to a remote denial of service attack. (bsc#1072928) CVE-2018-10958: In types.cpp a large size value might have led to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952) CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (bsc#1093095) CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in preview.cpp. (bsc#1095070) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 119144
    published 2018-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119144
    title SUSE SLED12 / SLES12 Security Update : exiv2 (SUSE-SU-2018:3882-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3882-2.NASL
    description This update for exiv2 fixes the following issues : CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257) CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which led to denial of service. (bsc#1060995) CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which led to denial of service. (bsc#1060996) CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which led to denial of service. (bsc#1061000) CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that could lead to a remote denial of service attack via crafted input. (bsc#1051188) CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A crafted PNG file would lead to a remote denial of service attack. (bsc#1072928) CVE-2018-10958: In types.cpp a large size value might have led to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952) CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (bsc#1093095) CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in preview.cpp. (bsc#1095070) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-13
    plugin id 119645
    published 2018-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119645
    title SUSE SLED12 / SLES12 Security Update : exiv2 (SUSE-SU-2018:3882-2)
refmap via4
debian DSA-4238
gentoo GLSA-201811-14
misc https://github.com/Exiv2/exiv2/issues/303
mlist [debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update
ubuntu USN-3700-1
Last major update 12-05-2018 - 00:29
Published 12-05-2018 - 00:29
Last modified 21-03-2019 - 16:12