CVE-2019-13111
30.06.2019, 23:15
A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| exiv2 | exiv2 | 𝑥 ≤ 0.27.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libexiv2-26 |
| ||||||||||||||||||||||||||||||
| libexiv2-27 |
| ||||||||||||||||||||||||||||||
| libexiv2-devel |
| ||||||||||||||||||||||||||||||
| libexiv2-xmp-static |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||
|---|---|---|---|
| exiv2 |
| ||
| exiv2-devel |
| ||
| exiv2-doc |
| ||
| exiv2-libs |
| ||
| gegl |
| ||
| gnome-color-manager |
| ||
| libgexiv2 |
| ||
| libgexiv2-devel |
|
References