Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-13111

Опубликовано: 30 июн. 2019
Источник: redhat
CVSS3: 3.3

Описание

A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6exiv2Out of support scope
Red Hat Enterprise Linux 7exiv2Fix deferred
Red Hat Enterprise Linux 8exiv2FixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8geglFixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8gnome-color-managerFixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8libgexiv2FixedRHSA-2020:157728.04.2020

Показывать по

Дополнительная информация

Статус:

Low
Дефект:
CWE-190->CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1728488exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service

3.3 Low

CVSS3

Связанные уязвимости

CVSS3: 5.5
ubuntu
около 6 лет назад

A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.

CVSS3: 5.5
nvd
около 6 лет назад

A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.

CVSS3: 5.5
debian
около 6 лет назад

A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 all ...

CVSS3: 5.5
github
около 3 лет назад

A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.

suse-cvrf
почти 3 года назад

Security update for exiv2

3.3 Low

CVSS3