Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-13114

Published: 30 June 2019

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
exiv2
Launchpad, Ubuntu, Debian
bionic
Released (0.25-3.1ubuntu0.18.04.3)
cosmic
Released (0.25-4ubuntu0.2)
disco
Released (0.25-4ubuntu1.1)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (0.25-2.1ubuntu16.04.4)