Test ID: 1.3.6.1.4.1.25623.1.1.10.2019.0415
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2019-0415)
Summary: The remote host is missing an update for the 'exiv2' package(s) announced via the MGASA-2019-0415 advisory.
Description: Summary:
The remote host is missing an update for the 'exiv2' package(s) announced via the MGASA-2019-0415 advisory.

Vulnerability Insight:
The updated packages fix security vulnerabilities:

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause
a denial of service (SIGSEGV) via a crafted PNG image file, because
PngImage::readMetadata mishandles a zero value for iccOffset.
(CVE-2019-13108)

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause
a denial of service (SIGSEGV) via a crafted PNG image file, because
PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.
(CVE-2019-13109)

A CiffDirectory::readDirectory integer overflow and out-of-bounds read
in Exiv2 through 0.27.1 allows an attacker to cause a denial of service
(SIGSEGV) via a crafted CRW image file. (CVE-2019-13110)

A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2
through 0.27.1 allows an attacker to cause a denial of service (crash
due to an std::bad_alloc exception) via a crafted PNG image file.
(CVE-2019-13112)

Exiv2 through 0.27.1 allows an attacker to cause a denial of service
(crash due to assertion failure) via an invalid data location in a
CRW image file. (CVE-2019-13113)

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a
denial of service (crash due to a NULL pointer dereference) by returning
a crafted response that lacks a space character. (CVE-2019-13114)

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in
types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory
in crwimage_int.cpp, because there is no validation of the relationship
of the total size to the offset and size. (CVE-2019-17402)

Affected Software/OS:
'exiv2' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2019-13108
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/
https://github.com/Exiv2/exiv2/issues/789
https://github.com/Exiv2/exiv2/pull/794
Common Vulnerability Exposure (CVE) ID: CVE-2019-13109
https://github.com/Exiv2/exiv2/issues/790
https://github.com/Exiv2/exiv2/pull/795
Common Vulnerability Exposure (CVE) ID: CVE-2019-13110
https://github.com/Exiv2/exiv2/issues/843
https://github.com/Exiv2/exiv2/pull/844
https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html
https://usn.ubuntu.com/4056-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-13112
https://github.com/Exiv2/exiv2/issues/845
https://github.com/Exiv2/exiv2/pull/846
Common Vulnerability Exposure (CVE) ID: CVE-2019-13113
https://github.com/Exiv2/exiv2/issues/841
https://github.com/Exiv2/exiv2/pull/842
Common Vulnerability Exposure (CVE) ID: CVE-2019-13114
https://github.com/Exiv2/exiv2/issues/793
https://github.com/Exiv2/exiv2/pull/815
SuSE Security Announcement: openSUSE-SU-2020:0482
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-17402
https://github.com/Exiv2/exiv2/issues/1019
https://lists.debian.org/debian-lts-announce/2019/12/msg00001.html
https://usn.ubuntu.com/4159-1/
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.