CVE-2019-17402

Published: 09 Oct 2019
Source: debian

Description

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.

Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| exiv2 | fixed | 0.27.3-1 | | package |
| exiv2 | no-dsa | | stretch | package |

Notes

  • https://github.com/Exiv2/exiv2/issues/1019

  • https://github.com/Exiv2/exiv2/commit/88054239e3c914862d13f6ac89a19a104fa2c076 (master)

  • https://github.com/Exiv2/exiv2/commit/50e9dd964a439da357798344ed1dd86edcadf0ec (0.27-branch)

  • Follow-up: https://github.com/Exiv2/exiv2/issues/1026

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 6 years ago

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.

CVSS3: 6.5
redhat
about 6 years ago

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.

CVSS3: 6.5
nvd
about 6 years ago

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.

CVSS3: 6.5
msrc
almost 4 years ago

No description available

rocky
more than 4 years ago

Low: exiv2 security, bug fix, and enhancement update