CVE-2018-11037

In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
exiv2exiv2
0.26
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
exiv2
bookworm
0.27.6-1
fixed
bullseye
0.27.3-3+deb11u2
fixed
bullseye (security)
0.27.3-3+deb11u1
fixed
buster
ignored
jessie
not-affected
sid
0.28.3+dfsg-2
fixed
stretch
ignored
trixie
0.28.3+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
exiv2
artful
ignored
bionic
ignored
trusty
dne
xenial
ignored
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
exiv2
RHEL 7
0:0.27.0-2.el7_6
fixed
RHEL 8
0:0.27.2-5.el8
fixed
exiv2-devel
RHEL 7
0:0.27.0-2.el7_6
fixed
RHEL 8
0:0.27.2-5.el8
fixed
exiv2-doc
RHEL 7
0:0.27.0-2.el7_6
fixed
RHEL 8
0:0.27.2-5.el8
fixed
exiv2-libs
RHEL 7
0:0.27.0-2.el7_6
fixed
RHEL 8
0:0.27.2-5.el8
fixed
gegl
RHEL 8
0:0.2.0-39.el8
fixed
gnome-color-manager
RHEL 8
0:3.28.0-3.el8
fixed
libgexiv2
RHEL 8
0:0.10.8-4.el8
fixed
libgexiv2-devel
RHEL 8
0:0.10.8-4.el8
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:2101
https://github.com/Exiv2/exiv2/issues/307
https://security.gentoo.org/glsa/201811-14
https://access.redhat.com/errata/RHSA-2019:2101
https://github.com/Exiv2/exiv2/issues/307
https://security.gentoo.org/glsa/201811-14