CVE-2018-19535

Published: 25 November 2018

In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
exiv2
Launchpad, Ubuntu, Debian
Upstream
Released (0.27-RC1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (0.25-3.1ubuntu0.18.04.3)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (0.25-2.1ubuntu16.04.4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)