Bugzilla – Bug 1115364
VUL-1: CVE-2018-19108: exiv2: denial of service in Exiv2::PsdImage::readMetadata caused by crafted PSD image file
Last modified: 2024-07-25 03:44:50 UTC
CVE-2018-19108 In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19108 http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19108.html https://github.com/Exiv2/exiv2/issues/426
Hi Dirk, the upstream change is this one: https://github.com/Exiv2/exiv2/pull/518/files My investigation suggests that these codestreams are affected: - SUSE:SLE-15:Update/exiv2 - SUSE:SLE-12:Update/exiv2 - SUSE:SLE-11:Update/exiv2
Created attachment 789185 [details] QA Reproducer (1) $ exiv2 h01.psd binary does not exit
Created attachment 789186 [details] QA Reproducer (2) $ exiv2 h02.psd binary does not exit
NOTE: patch for this issue seems to be the same as for bnc#1115374
So this is likely fixed by commit 68966932510213b5656fcf433ab6d7e26f48e23b Author: Luis Diaz Mas <piponazo@gmail.com> Date: Sun Nov 4 22:33:03 2018 +0100 PSD: Use Safe::add for preventing overflows in PSD files commit b7c71f3ad0386cd7af3b73443c0615ada073f0d5 Author: Luis Diaz Mas <piponazo@gmail.com> Date: Mon Nov 5 13:30:18 2018 +0100 PSD: enforce Length of image resource section < file size so this is SLE-12 (v0.23) and SLE-15 (v0.26) being affected.
SUSE-SU-2020:0921-1: An update that fixes 11 vulnerabilities is now available. Category: security (moderate) Bug References: 1040973,1068873,1088424,1097599,1097600,1109175,1109176,1109299,1115364,1117513,1142684 CVE References: CVE-2017-1000126,CVE-2017-9239,CVE-2018-12264,CVE-2018-12265,CVE-2018-17229,CVE-2018-17230,CVE-2018-17282,CVE-2018-19108,CVE-2018-19607,CVE-2018-9305,CVE-2019-13114 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): exiv2-0.26-6.8.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src): exiv2-0.26-6.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0482-1: An update that fixes 11 vulnerabilities is now available. Category: security (moderate) Bug References: 1040973,1068873,1088424,1097599,1097600,1109175,1109176,1109299,1115364,1117513,1142684 CVE References: CVE-2017-1000126,CVE-2017-9239,CVE-2018-12264,CVE-2018-12265,CVE-2018-17229,CVE-2018-17230,CVE-2018-17282,CVE-2018-19108,CVE-2018-19607,CVE-2018-9305,CVE-2019-13114 Sources used: openSUSE Leap 15.1 (src): exiv2-0.26-lp151.7.3.1
This is an autogenerated message for OBS integration: This bug (1115364) was mentioned in https://build.opensuse.org/request/show/1007902 Factory / exiv2