(-)b/security/vuxml/vuln-2021.xml (+56 lines)
Lines 1-3 Link Here
1
  <vuln vid="d49f86ab-d9c7-11eb-a200-00155d01f201">
2
    <topic>Exiv2 -- Multiple vulnerabilities</topic>
3
    <affects>
4
      <package>
5
	<name>exiv2</name>
6
	<range><lt>0.27.4</lt></range>
7
      </package>
8
    </affects>
9
    <description>
10
      <body xmlns="http://www.w3.org/1999/xhtml">
11
	<p>Exiv2 teams reports:</p>
12
	<blockquote cite="https://github.com/Exiv2/exiv2/security/advisories">
13
	  <p>Multiple vulnerabilities covering buffer overflows, out-of-bounds,
14
	    read of uninitialized memory and denial of serivce. The heap
15
	    overflow is triggered when Exiv2 is used to read the metadata of
16
	    a crafted image file. An attacker could potentially exploit the
17
	    vulnerability to gain code execution, if they can trick the victim
18
	    into running Exiv2 on a crafted image file. The out-of-bounds read
19
	    is triggered when Exiv2 is used to write metadata into a crafted
20
	    image file. An attacker could potentially exploit the vulnerability
21
	    to cause a denial of service by crashing Exiv2, if they can trick
22
	    the victim into running Exiv2 on a crafted image file. The read of
23
	    uninitialized memory is triggered when Exiv2 is used to read the
24
	    metadata of a crafted image file. An attacker could potentially
25
	    exploit the vulnerability to leak a few bytes of stack memory, if
26
	    they can trick the victim into running Exiv2 on a crafted image
27
	    file.</p>
28
	</blockquote>
29
      </body>
30
    </description>
31
    <references>
32
      <cvename>CVE-2021-29457</cvename>
33
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm</url>
34
      <cvename>CVE-2021-29458</cvename>
35
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5</url>
36
      <cvename>CVE-2021-29463</cvename>
37
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr</url>
38
      <cvename>CVE-2021-29464</cvename>
39
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p</url>
40
      <cvename>CVE-2021-29470</cvename>
41
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj</url>
42
      <cvename>CVE-2021-29473</cvename>
43
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2</url>
44
      <cvename>CVE-2021-29623</cvename>
45
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v</url>
46
      <cvename>CVE-2021-32617</cvename>
47
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj</url>
48
      <cvename>CVE-2021-3482</cvename>
49
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jp9-m3fv-2vg9</url>
50
    </references>
51
    <dates>
52
      <discovery>2021-04-25</discovery>
53
      <entry>2021-06-30</entry>
54
    </dates>
55
  </vuln>
56
1
  <vuln vid="7003b62d-7252-46ff-a9df-1b1900f1e65b">
57
  <vuln vid="7003b62d-7252-46ff-a9df-1b1900f1e65b">
2
    <topic>RabbitMQ -- Denial of Service via improper input validation</topic>
58
    <topic>RabbitMQ -- Denial of Service via improper input validation</topic>
3
    <affects>
59
    <affects>
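
Review bot: In the new Exiv2 entry's blockquote, "denial of serivce" should read "denial of service", and the lead-in "Exiv2 teams reports:" should be "Exiv2 team reports:"; both strings end up verbatim in the published advisory text. The blockquote's cite attribute points at the advisories index (https://github.com/Exiv2/exiv2/security/advisories) while the quoted paragraph merges text about three separate bug classes, so consider noting that the text is a summary, or citing the individual GHSA pages already listed under references. Please also confirm that the bound in <range><lt>0.27.4</lt></range> matches the package's full version string as the package tools report it: if the port carries a PORTEPOCH, the bound needs the same ",N" suffix or installed vulnerable versions will not be flagged. Minor: CVE-2021-3482 is listed after CVE-2021-32617, out of numeric order with the rest of the references.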

Return to bug 256803