CVE-2018-19108

Published: 8 November 2018

In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.

Notes

Author	Note
mdeslaur	infinite loop

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
exiv2 Launchpad, Ubuntu, Debian	bionic	Released (0.25-3.1ubuntu0.18.04.3)
	cosmic	Released (0.25-4ubuntu0.2)
	disco	Released (0.25-4ubuntu1.1)
	precise	Does not exist
	trusty	Does not exist (trusty was needed)
	upstream	Needs triage
	xenial	Released (0.25-2.1ubuntu16.04.4)
	Patches: upstream: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b upstream: https://github.com/Exiv2/exiv2/commit/b7c71f3ad0386cd7af3b73443c0615ada073f0d5

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›