vuln-list-alt/oval/c10f1/ALT-PU-2018-2105/definitions.json
2024-12-12 21:07:30 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20182105",
"Version": "oval:org.altlinux.errata:def:20182105",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-2105: package `exiv2` update to version 0.26-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-2105",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2105",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-00418",
"RefURL": "https://bdu.fstec.ru/vul/2019-00418",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04239",
"RefURL": "https://bdu.fstec.ru/vul/2019-04239",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04240",
"RefURL": "https://bdu.fstec.ru/vul/2019-04240",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04248",
"RefURL": "https://bdu.fstec.ru/vul/2019-04248",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04249",
"RefURL": "https://bdu.fstec.ru/vul/2019-04249",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01396",
"RefURL": "https://bdu.fstec.ru/vul/2021-01396",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01397",
"RefURL": "https://bdu.fstec.ru/vul/2021-01397",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01445",
"RefURL": "https://bdu.fstec.ru/vul/2021-01445",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01446",
"RefURL": "https://bdu.fstec.ru/vul/2021-01446",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01449",
"RefURL": "https://bdu.fstec.ru/vul/2021-01449",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01651",
"RefURL": "https://bdu.fstec.ru/vul/2023-01651",
"Source": "BDU"
},
{
"RefID": "CVE-2017-11683",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11683",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14859",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14859",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14860",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14860",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14862",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14862",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14864",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14864",
"Source": "CVE"
},
{
"RefID": "CVE-2017-17669",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-17669",
"Source": "CVE"
},
{
"RefID": "CVE-2017-17723",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-17723",
"Source": "CVE"
},
{
"RefID": "CVE-2017-17725",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-17725",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10958",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10958",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10998",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10998",
"Source": "CVE"
},
{
"RefID": "CVE-2018-11531",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-11531",
"Source": "CVE"
},
{
"RefID": "CVE-2018-12264",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-12264",
"Source": "CVE"
},
{
"RefID": "CVE-2018-12265",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-12265",
"Source": "CVE"
},
{
"RefID": "CVE-2018-14046",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14046",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5772",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5772",
"Source": "CVE"
},
{
"RefID": "CVE-2018-8976",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-8976",
"Source": "CVE"
},
{
"RefID": "CVE-2018-8977",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-8977",
"Source": "CVE"
}
],
"Description": "This update upgrades exiv2 to version 0.26-alt2. \nSecurity Fix(es):\n\n * BDU:2019-00418: Уязвимость функции getData библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2019-04239: Уязвимость компонента types.cpp библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04240: Уязвимость компонента jp2image.cpp библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04248: Уязвимость функции LoaderTiff::getData() библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04249: Уязвимость класса LoaderExifJpeg библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-01396: Уязвимость функции Exiv2::getULong в types.cpp библиотеки для управления метаданными медиафайлов Exiv2, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01397: Уязвимость функции Exiv2::StringValueBase::read в value.cpp библиотеки для управления метаданными медиафайлов Exiv2, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01445: Уязвимость функции Internal::TiffReader::visitDirectory в tiffvisitor.cpp библиотеки для управления метаданными медиафайлов Exiv2, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01446: Уязвимость функции Exiv2::DataValue::read в value.cpp библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01449: Уязвимость функции Exiv2::Internal::PngChunk::keyTXTChunk в pngchunk_int.cpp библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-01651: Уязвимость компонента jpgimage.cpp библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.\n\n * CVE-2017-14859: An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.\n\n * CVE-2017-14860: There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.\n\n * CVE-2017-14862: An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.\n\n * CVE-2017-14864: An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.\n\n * CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.\n\n * CVE-2017-17723: In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file.\n\n * CVE-2017-17725: In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from CVE-2017-14864, which is an invalid memory address dereference.\n\n * CVE-2018-10958: In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.\n\n * CVE-2018-10998: An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.\n\n * CVE-2018-11531: Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.\n\n * CVE-2018-12264: Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.\n\n * CVE-2018-12265: Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.\n\n * CVE-2018-14046: Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.\n\n * CVE-2018-5772: In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.\n\n * CVE-2018-8976: In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.\n\n * CVE-2018-8977: In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-08-07"
},
"Updated": {
"Date": "2018-08-07"
},
"BDUs": [
{
"ID": "BDU:2019-00418",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-00418",
"Impact": "Critical",
"Public": "20180422"
},
{
"ID": "BDU:2019-04239",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-04239",
"Impact": "Low",
"Public": "20180509"
},
{
"ID": "BDU:2019-04240",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-388",
"Href": "https://bdu.fstec.ru/vul/2019-04240",
"Impact": "Low",
"Public": "20180512"
},
{
"ID": "BDU:2019-04248",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125, CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04248",
"Impact": "High",
"Public": "20180613"
},
{
"ID": "BDU:2019-04249",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125, CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04249",
"Impact": "High",
"Public": "20180613"
},
{
"ID": "BDU:2021-01396",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2021-01396",
"Impact": "Low",
"Public": "20170922"
},
{
"ID": "BDU:2021-01397",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2021-01397",
"Impact": "Low",
"Public": "20170923"
},
{
"ID": "BDU:2021-01445",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://bdu.fstec.ru/vul/2021-01445",
"Impact": "Low",
"Public": "20170726"
},
{
"ID": "BDU:2021-01446",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2021-01446",
"Impact": "Low",
"Public": "20170923"
},
{
"ID": "BDU:2021-01449",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-01449",
"Impact": "Low",
"Public": "20171210"
},
{
"ID": "BDU:2023-01651",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2023-01651",
"Impact": "Low",
"Public": "20180323"
}
],
"CVEs": [
{
"ID": "CVE-2017-11683",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11683",
"Impact": "Low",
"Public": "20170727"
},
{
"ID": "CVE-2017-14859",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14859",
"Impact": "Low",
"Public": "20170929"
},
{
"ID": "CVE-2017-14860",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14860",
"Impact": "Low",
"Public": "20170929"
},
{
"ID": "CVE-2017-14862",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14862",
"Impact": "Low",
"Public": "20170929"
},
{
"ID": "CVE-2017-14864",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14864",
"Impact": "Low",
"Public": "20170929"
},
{
"ID": "CVE-2017-17669",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-17669",
"Impact": "Low",
"Public": "20171213"
},
{
"ID": "CVE-2017-17723",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-17723",
"Impact": "High",
"Public": "20180212"
},
{
"ID": "CVE-2017-17725",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-17725",
"Impact": "Low",
"Public": "20180212"
},
{
"ID": "CVE-2018-10958",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10958",
"Impact": "Low",
"Public": "20180510"
},
{
"ID": "CVE-2018-10998",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10998",
"Impact": "Low",
"Public": "20180512"
},
{
"ID": "CVE-2018-11531",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-11531",
"Impact": "Critical",
"Public": "20180529"
},
{
"ID": "CVE-2018-12264",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-12264",
"Impact": "High",
"Public": "20180613"
},
{
"ID": "CVE-2018-12265",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-12265",
"Impact": "High",
"Public": "20180613"
},
{
"ID": "CVE-2018-14046",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14046",
"Impact": "High",
"Public": "20180713"
},
{
"ID": "CVE-2018-5772",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5772",
"Impact": "Low",
"Public": "20180118"
},
{
"ID": "CVE-2018-8976",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-8976",
"Impact": "Low",
"Public": "20180325"
},
{
"ID": "CVE-2018-8977",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-8977",
"Impact": "Low",
"Public": "20180325"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20182105001",
"Comment": "exiv2 is earlier than 0:0.26-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182105002",
"Comment": "libexiv2 is earlier than 0:0.26-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182105003",
"Comment": "libexiv2-devel is earlier than 0:0.26-alt2"
}
]
}
]
}
}
]
}