First published: Thu Nov 08 2018(Updated: )
A flaw was found in Exiv2 0.26. A heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader). This could lead to a denial of service caused by an integer overflow via a crafted PSD image file. References: <a href="https://github.com/Exiv2/exiv2/issues/427">https://github.com/Exiv2/exiv2/issues/427</a> Upstream Patch: <a href="https://github.com/Exiv2/exiv2/pull/518">https://github.com/Exiv2/exiv2/pull/518</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Exiv2 Exiv2 | =0.26 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =10.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
debian/exiv2 | 0.27.3-3+deb11u2 0.27.3-3+deb11u1 0.27.6-1 0.28.3+dfsg-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.