Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-10772

Опубликовано: 12 апр. 2018
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6exiv2Not affected
Red Hat Enterprise Linux 7exiv2FixedRHSA-2019:210106.08.2019
Red Hat Enterprise Linux 8exiv2FixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8geglFixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8gnome-color-managerFixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8libgexiv2FixedRHSA-2020:157728.04.2020

Показывать по

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1594627exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file

EPSS

Процентиль: 56%
0.00342
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVSS3: 6.5
ubuntu
больше 7 лет назад

The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

CVSS3: 6.5
nvd
больше 7 лет назад

The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

CVSS3: 6.5
debian
больше 7 лет назад

The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allow ...

CVSS3: 6.5
github
около 3 лет назад

The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

suse-cvrf
почти 3 года назад

Security update for exiv2

EPSS

Процентиль: 56%
0.00342
Низкий

4.3 Medium

CVSS3