VDB
GCVE-VVD-MAGEIA-2019-415
GCVE-VVD-MAGEIA-2019-415
Advisory Published
The updated packages fix security vulnerabilities:
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause
a denial of service (SIGSEGV) via a crafted PNG image file, because
PngImage::readMetadata mishandles a zero value for iccOffset.
(CVE-2019-13108)
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause
a denial of service (SIGSEGV) via a crafted PNG image file, because
PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.
(CVE-2019-13109)
A CiffDirectory::readDirectory integer overflow and out-of-bounds read
in Exiv2 through 0.27.1 allows an attacker to cause a denial of service
(SIGSEGV) via a crafted CRW image file. (CVE-2019-13110)
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2
through 0.27.1 allows an attacker to cause a denial of service (crash
due to an std::bad_alloc exception) via a crafted PNG image file.
(CVE-2019-13112)
Exiv2 through 0.27.1 allows an attacker to cause a denial of service
(crash due to assertion failure) via an invalid data location in a
CRW image file. (CVE-2019-13113)
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a
denial of service (crash due to a NULL pointer dereference) by returning
a crafted response that lacks a space character. (CVE-2019-13114)
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in
types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory
in crwimage_int.cpp, because there is no validation of the relationship
of the total size to the offset and size. (CVE-2019-17402)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | exiv2 | 0 (affected), 0.27.1-3.2.mga7 (unaffected) | — |
Aliases
Transitive aliases
EUVD-2019-4654CVE-2018-9303GHSA-crvf-2mp8-85gmEUVD-2018-20897EUVD-2020-0077BDU:2023-01645GHSA-4256-mfgg-45jqGSD-2018-14338GSD-2019-20421GSD-2019-14370PYSEC-2019-244BDU:2020-02399PYSEC-2018-134PYSEC-2020-344BDU:2023-05469GHSA-6f7h-8q6h-fvcxPYSEC-2019-246BDU:2020-02397CVE-2018-17230EUVD-2018-20900CNVD-2019-32254EUVD-2018-0069VVD-MAGEIA-2020-196CVE-2018-9304CVE-2018-4868GSD-2018-17230CNVD-2018-19608GHSA-824g-h3q7-mx9vCVE-2019-14369EUVD-2019-0051GHSA-7jp6-64vf-6wq3CVE-2018-17229CVE-2017-18005GHSA-m3fr-3g6g-rc8xCNVD-2018-19609GSD-2017-18005CNVD-2018-02169PYSEC-2019-245EUVD-2019-4653GHSA-5w5r-cgx2-jf78EUVD-2019-4655GSD-2018-4868CNVD-2018-03077CNVD-2019-34612EUVD-2019-0049GHSA-6cf5-9vcc-r289PYSEC-2018-137BDU:2021-01492EUVD-2019-0053GHSA-pvvg-cg5r-2q8vGHSA-8x93-7gj9-73c3GHSA-mv4f-jcrp-vghhEUVD-2019-4649GHSA-x4fr-qpcc-rhwwGHSA-798v-99wc-4f26CVE-2018-14338EUVD-2018-0062MSRC_CVE-2019-20421BDU:2020-02398CVE-2019-20421GSD-2019-9143EUVD-2018-0061PYSEC-2018-136PYSEC-2018-144CVE-2019-14368EUVD-2018-0059GHSA-p4gw-2vrq-j64qVVD-GENTOO-2019-701902GSD-2018-17229EUVD-2019-0050GSD-2019-14369CNVD-2019-24853CVE-2018-9306CVE-2019-13111GHSA-78r6-w4c8-vpmpEUVD-2018-20898BDU:2023-01660GSD-2019-14368ALSA-2020:1577EUVD-2019-4650CVE-2019-9143GHSA-vcrp-2wmj-jrg8EUVD-2017-0055BDU:2023-01656BDU:2020-02400EUVD-2019-4651GHSA-hmv7-h8ff-46mmPYSEC-2017-141CVE-2019-14370CNVD-2019-24854GHSA-f8xc-4q5g-48f2VVD-MAGEIA-2020-84PYSEC-2019-248EUVD-2019-4652GHSA-766f-8g6j-2m24
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.