Lucene search
Ubuntu.comUB:CVE-2019-13108HistoryJun 30, 2019 - 12:00 a.m.
CVE-2019-13108
2019-06-3000:00:00
ubuntu.com
ubuntu.com
5
0.002 Low
EPSS
Percentile
54.3%
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a
denial of service (SIGSEGV) via a crafted PNG image file, because
PngImage::readMetadata mishandles a zero value for iccOffset.
Notes
| Author | Note |
|---|---|
| leosilva | in Xenial, Bionic, Cosmic and Disco, the poc does SIGSEGV but instead raise the Error(21) “Failed to read input data”, what I believe is the expected behavior. Also, iccOffset code is not-present. |
Related
cvelist
cvelist
CVE-2019-13108
2019-06-30 22:19:48
alpinelinux
alpinelinux
CVE-2019-13108
2019-06-30 23:15:00
prion
prion
Integer overflow
2019-06-30 23:15:00
redhatcve
redhatcve
CVE-2019-13108
2019-07-10 05:23:44
osv
osv
CVE-2019-13108
2019-06-30 23:15:09
veracode
veracode
Denial Of Service (DoS)
2019-07-01 05:55:19
debiancve
debiancve
CVE-2019-13108
2019-06-30 23:15:00
cve
cve
CVE-2019-13108
2019-06-30 23:15:00
ubuntucve
ubuntucve
CVE-2019-13109
2019-06-30 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: exiv2-0.27.2-1.fc30
2019-08-09 01:03:49
openvas
openvas
Fedora Update for exiv2 FEDORA-2019-60553d5a18
2019-08-09 00:00:00
Mageia: Security Advisory (MGASA-2019-0415)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3889-1)
2022-11-08 00:00:00
mageia
mageia
Updated exiv2 packages fix security vulnerabilities
2019-12-31 19:51:17
nessus
nessus
Fedora 30 : exiv2 (2019-60553d5a18)
2019-08-12 00:00:00
suse
suse
Security update for exiv2 (important)
2022-11-07 00:00:00