[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250108

 
 

909

 
 

196064

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
OVAL

exiv2: Multiple vulnerabilities (CVE-2019-13108, CVE-2019-13109, CVE-2019-13110, CVE-2019-13111, CVE-2019-13112, CVE-2019-13113, CVE-2019-13114)

ID: oval:org.secpod.oval:def:1802001Date: (C)2022-03-25   (M)2024-02-19
Class: PATCHFamily: unix




An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service via a crafted CRW image file.

Platform:
Alpine Linux 3.11
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15
Product:
exiv2
Reference:
10725
CVE-2019-13108
CVE-2019-13109
CVE-2019-13110
CVE-2019-13111
CVE-2019-13112
CVE-2019-13113
CVE-2019-13114
CVE    7
CVE-2019-13111
CVE-2019-13110
CVE-2019-13114
CVE-2019-13113
...
CPE    2
cpe:/o:alpinelinux:alpine_linux:3.11
cpe:/a:exiv2:exiv2

© SecPod Technologies