CVE-2019-13108
30.06.2019, 23:15
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| exiv2 | exiv2 | 𝑥 ≤ 0.27.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libexiv2-26 |
| ||||||||||||||||||||||||
| libexiv2-27 |
| ||||||||||||||||||||||||
| libexiv2-devel |
| ||||||||||||||||||||||||
| libexiv2-xmp-static |
|
References