Описание
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
An out-of-bounds read vulnerability has been discovered in IptcData::printStructure in iptc.cpp file of Exiv2 0.26. An attacker could cause a crash or an information leak by providing a crafted image.
Отчет
This issue did not affect the versions of Exiv2 as shipped with Red Hat Enterprise Linux 6 and 7, up to 7.4, as they did not include support for printing IPTC Photo Metadata.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | exiv2 | Not affected | ||
| Red Hat Enterprise Linux 7 | exiv2 | Fixed | RHSA-2019:2101 | 06.08.2019 |
| Red Hat Enterprise Linux 8 | exiv2 | Fixed | RHSA-2020:1577 | 28.04.2020 |
| Red Hat Enterprise Linux 8 | gegl | Fixed | RHSA-2020:1577 | 28.04.2020 |
| Red Hat Enterprise Linux 8 | gnome-color-manager | Fixed | RHSA-2020:1577 | 28.04.2020 |
| Red Hat Enterprise Linux 8 | libgexiv2 | Fixed | RHSA-2020:1577 | 28.04.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.4 Medium
CVSS3
Связанные уязвимости
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in ip ...
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
EPSS
4.4 Medium
CVSS3