CVE-2019-13108

Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13108.json
Published
2019-06-30T23:15:00Z
Modified
2023-03-24T21:53:36.297690Z
Details

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.

References

Affected packages

Alpine:v3.11 / exiv2

exiv2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
0.27.2-r0

Affected versions

0.*

0.21-r0
0.21.1-r0
0.21.1-r1
0.22-r0
0.23-r0
0.24-r0
0.24-r1
0.25-r1
0.26-r1