Описание
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | exiv2 | Out of support scope | ||
Red Hat Enterprise Linux 7 | exiv2 | Fix deferred | ||
Red Hat Enterprise Linux 8 | exiv2 | Fixed | RHSA-2020:1577 | 28.04.2020 |
Red Hat Enterprise Linux 8 | gegl | Fixed | RHSA-2020:1577 | 28.04.2020 |
Red Hat Enterprise Linux 8 | gnome-color-manager | Fixed | RHSA-2020:1577 | 28.04.2020 |
Red Hat Enterprise Linux 8 | libgexiv2 | Fixed | RHSA-2020:1577 | 28.04.2020 |
Показывать по
Дополнительная информация
Статус:
3.3 Low
CVSS3
Связанные уязвимости
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.
An integer overflow in Exiv2 through 0.27.1 allows an attacker to caus ...
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.
3.3 Low
CVSS3