CVE-2018-19535
Published: 25 November 2018
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
Notes
| Author | Note |
|---|---|
| mdeslaur | 1-byte invalid read |
Priority
CVSS 3 base score: 6.5
Status
| Package | Release | Status |
|---|---|---|
|
exiv2 Launchpad, Ubuntu, Debian |
bionic |
Released
(0.25-3.1ubuntu0.18.04.3)
|
| cosmic |
Released
(0.25-4ubuntu0.2)
|
|
| disco |
Released
(0.25-4ubuntu1.1)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Released
(0.27-RC1)
|
|
| xenial |
Released
(0.25-2.1ubuntu16.04.4)
|