Описание
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| exiv2 | fixed | 0.27.2-6 | package | |
| exiv2 | not-affected | buster | package |
Примечания
https://github.com/Exiv2/exiv2/issues/828
https://github.com/Exiv2/exiv2/pull/862
Introduced by: https://github.com/Exiv2/exiv2/commit/4617dc37284bb14c15fb884a7252de7c2b8b8854
Fixed by: https://github.com/Exiv2/exiv2/commit/6068df4c01ce915befb763bd0fd718d16a5df130 (v0.27.2-RC1)
EPSS
Связанные уязвимости
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.
Уязвимость компонента pngimage.cpp библиотеки для управления метаданными медиафайлов Exiv2 , связанная с записью за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
EPSS