user/exiv2: multiple vulnerabilities
Bugzilla ID | 125 |
Alias(es) | CVE-2019-13108, CVE-2019-13109, CVE-2019-13110, CVE-2019-13111, CVE-2019-13112, CVE-2019-13113, CVE-2019-13114 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-07-29 04:17:40 -0500 |
Modified | 2019-08-10 20:15:55 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Description

CVE-2019-13108: https://nvd.nist.gov/vuln/detail/CVE-2019-13108
An integer overflow in Exiv2 through 0.27.1 allows an attacker to
cause a denial of service (SIGSEGV) via a crafted PNG image file,
because PngImage::readMetadata mishandles a zero value for iccOffset.

CVE-2019-13109: https://nvd.nist.gov/vuln/detail/CVE-2019-13109
An integer overflow in Exiv2 through 0.27.1 allows an attacker to
cause a denial of service (SIGSEGV) via a crafted PNG image file,
because PngImage::readMetadata mishandles a chunkLength - iccOffset
subtraction.

CVE-2019-13110: https://nvd.nist.gov/vuln/detail/CVE-2019-13110
A CiffDirectory::readDirectory integer overflow and out-of-bounds read
in Exiv2 through 0.27.1 allows an attacker to cause a denial of
service (SIGSEGV) via a crafted CRW image file.

CVE-2019-13111: https://nvd.nist.gov/vuln/detail/CVE-2019-13111
A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1
allows an attacker to cause a denial of service (large heap allocation
followed by a very long running loop) via a crafted WEBP image file.

CVE-2019-13112: https://nvd.nist.gov/vuln/detail/CVE-2019-13112
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2
through 0.27.1 allows an attacker to cause a denial of service (crash
due to an std::bad_alloc exception) via a crafted PNG image file.

CVE-2019-13113: https://nvd.nist.gov/vuln/detail/CVE-2019-13113
Exiv2 through 0.27.1 allows an attacker to cause a denial of service
(crash due to assertion failure) via an invalid data location in a CRW
image file.

CVE-2019-13114: https://nvd.nist.gov/vuln/detail/CVE-2019-13114
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause
a denial of service (crash due to a NULL pointer dereference) by
returning a crafted response that lacks a space character.
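
Added example (not Exiv2 code and not the upstream fix): the bug class behind CVE-2019-13108 and CVE-2019-13109, shown as a bounds-checked parse of a PNG iCCP chunk body that validates the offset before computing chunk length minus offset. The field layout follows the PNG specification; the type icc_chunk and the functions parse_iccp and unchecked_remaining are hypothetical names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example; not an Exiv2 structure. */
typedef struct {
    char name[80];        /* profile name, NUL-terminated      */
    const uint8_t *zdata; /* start of the compressed profile   */
    uint32_t zlen;        /* length of the compressed profile  */
} icc_chunk;

/* Unchecked form: unsigned subtraction wraps instead of going negative,
 * so an offset past the chunk end yields a length close to 4 GiB. */
uint32_t unchecked_remaining(uint32_t chunk_len, uint32_t icc_offset) {
    return chunk_len - icc_offset;
}

/* Checked parse of an iCCP body: name (1-79 bytes), NUL separator,
 * 1-byte compression method, compressed data.
 * Returns 0 on success, -1 when the chunk is rejected. */
int parse_iccp(const uint8_t *data, uint32_t chunk_len, icc_chunk *out) {
    uint32_t limit = chunk_len < 80 ? chunk_len : 80;
    const uint8_t *nul = data ? memchr(data, 0, limit) : NULL;
    if (nul == NULL) return -1;              /* no terminator in range   */
    uint32_t name_len = (uint32_t)(nul - data);
    if (name_len == 0) return -1;            /* empty profile name       */
    uint32_t icc_offset = name_len + 2;      /* skip NUL and method byte */
    if (icc_offset > chunk_len) return -1;   /* subtraction would wrap   */
    if (data[name_len + 1] != 0) return -1;  /* only method 0 is defined */
    memcpy(out->name, data, name_len + 1);   /* copies the NUL as well   */
    out->zdata = data + icc_offset;
    out->zlen = chunk_len - icc_offset;      /* safe: offset <= length   */
    return 0;
}

int main(void) {
    /* Constructed samples: a valid body and one truncated after the NUL. */
    static const uint8_t ok[] = {'s', 'R', 'G', 'B', 0, 0, 0x78, 0x9c};
    static const uint8_t cut[] = {'s', 'R', 'G', 'B', 0};
    icc_chunk c;
    printf("valid: %d\n", parse_iccp(ok, (uint32_t)sizeof ok, &c));
    printf("truncated: %d\n", parse_iccp(cut, (uint32_t)sizeof cut, &c));
    printf("unchecked 5 - 6 = %u\n", (unsigned)unchecked_remaining(5, 6));
    return 0;
}
```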