Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-13109

Опубликовано: 30 июн. 2019
Источник: redhat
CVSS3: 3.3

Описание

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6exiv2Out of support scope
Red Hat Enterprise Linux 7exiv2Fix deferred
Red Hat Enterprise Linux 8exiv2FixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8geglFixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8gnome-color-managerFixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8libgexiv2FixedRHSA-2020:157728.04.2020

Показывать по

Дополнительная информация

Статус:

Low
Дефект:
CWE-190->CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1728484exiv2: denial of service in PngImage::readMetadata

3.3 Low

CVSS3

Связанные уязвимости

CVSS3: 6.5
ubuntu
около 6 лет назад

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.

CVSS3: 6.5
nvd
около 6 лет назад

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.

CVSS3: 6.5
debian
около 6 лет назад

An integer overflow in Exiv2 through 0.27.1 allows an attacker to caus ...

CVSS3: 6.5
github
около 3 лет назад

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.

suse-cvrf
больше 2 лет назад

Security update for exiv2

3.3 Low

CVSS3