Описание
Security update for exiv2
This update for exiv2 fixes the following issues:
- CVE-2018-19535: Fixed a heap-based buffer over-read which may cause a DoS via a crafted PNG file. (bsc#1117291)
Список пакетов
SUSE Linux Enterprise Server 12 SP5
libexiv2-12-0.23-12.21.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libexiv2-12-0.23-12.21.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libexiv2-devel-0.23-12.21.1
Ссылки
- Link for SUSE-SU-2023:4070-1
- E-Mail link for SUSE-SU-2023:4070-1
- SUSE Security Ratings
- SUSE Bug 1117291
- SUSE CVE CVE-2018-19535 page
Описание
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libexiv2-12-0.23-12.21.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexiv2-12-0.23-12.21.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libexiv2-devel-0.23-12.21.1
Ссылки
- CVE-2018-19535
- SUSE Bug 1117291