CVE-2019-13108

Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13108.json

Published

2019-06-30T23:15:00Z

Modified

2023-03-24T21:53:36.297690Z

Details

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.

References

https://github.com/Exiv2/exiv2/issues/789
https://github.com/Exiv2/exiv2/pull/794
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/

Affected packages

Alpine:v3.11 / exiv2

exiv2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Fixed

0.27.2-r0

Affected versions

0.*

0.21-r0

0.21.1-r0

0.21.1-r1

0.22-r0

0.23-r0

0.24-r0

0.24-r1

0.25-r1

0.26-r1