exiv2: Multiple vulnerabilities (CVE-2019-13108, CVE-2019-13109, CVE-2019-13110, CVE-2019-13111, CVE-2019-13112, CVE-2019-13113, CVE-2019-13114)ID: oval:org.secpod.oval:def:1802001 | Date: (C)2022-03-25 (M)2024-02-19 |
Class: PATCH | Family: unix |
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service via a crafted CRW image file.
Platform: |
Alpine Linux 3.11 |
Alpine Linux 3.12 |
Alpine Linux 3.13 |
Alpine Linux 3.14 |
Alpine Linux 3.15 |