CVE-2018-19535
Published: 25 November 2018
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
Priority
CVSS 3 base score: 6.5
Notes
Author | Note |
---|---|
mdeslaur | 1-byte invalid read |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19535
- https://github.com/Exiv2/exiv2/pull/430
- https://usn.ubuntu.com/usn/usn-4056-1
- NVD
- Launchpad
- Debian