Mageia Exiv2 Update: MGASA-2019-0415 Moderate: Integer Overflow DoS

mageia
December 31, 2019
Revised Exiv2 distributions in Mageia address security flaws that might lead to denial of service incidents.

Summary

The updated packages fix security vulnerabilities:
- An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. (CVE-2019-13108)
- An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction. (CVE-2019-13109)
- A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. (CVE-2019-13110)
- A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. (CVE-2019-13112)
- Exiv2 through 0.27.1 allows an attacker to cause a denial of service (cra...
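
The two PngImage::readMetadata issues above both involve iccOffset and the chunkLength - iccOffset subtraction; in unsigned arithmetic that subtraction wraps to a very large value whenever the offset exceeds the chunk length. The C++ below is an added example, not Exiv2's code or its patch: it assumes the iCCP chunk layout from the PNG specification, and the names IccSpan, uncheckedRemaining and locateIccProfile are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Location of the compressed ICC profile inside an iCCP chunk payload.
struct IccSpan {
    std::size_t offset;  // first byte of the compressed profile
    std::size_t length;  // number of compressed bytes
};

// What an unchecked `chunkLength - iccOffset` yields in 32-bit unsigned
// arithmetic: it wraps around instead of going negative.
std::uint32_t uncheckedRemaining(std::uint32_t chunkLength, std::uint32_t iccOffset) {
    return chunkLength - iccOffset;
}

// iCCP payload layout per the PNG specification:
//   profile name (1-79 bytes) | 0x00 | compression method (1 byte) | profile
// Returns false for any payload that does not fit that layout.
bool locateIccProfile(const std::vector<std::uint8_t>& chunk, IccSpan& out) {
    const std::size_t chunkLength = chunk.size();
    const std::size_t maxName = 79;

    // Look for the name terminator only inside the chunk and the name limit.
    std::size_t nameLen = 0;
    while (nameLen < chunkLength && nameLen <= maxName && chunk[nameLen] != 0x00) {
        ++nameLen;
    }
    if (nameLen == 0 || nameLen > maxName || nameLen == chunkLength) {
        return false;  // empty name, over-long name, or no terminator found
    }

    // Skip the terminator and the compression-method byte (so iccOffset >= 3).
    const std::size_t iccOffset = nameLen + 2;
    if (iccOffset > chunkLength) {
        return false;  // checked BEFORE subtracting, so nothing can wrap
    }
    if (chunk[nameLen + 1] != 0) {
        return false;  // only compression method 0 (deflate) is defined
    }
    out.offset = iccOffset;
    out.length = chunkLength - iccOffset;  // safe: iccOffset <= chunkLength
    return true;
}
```
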

References

- https://bugs.mageia.org/show_bug.cgi?id=25280

- https://ubuntu.com/security/notices/USN-4056-1

- https://ubuntu.com/security/notices/USN-4159-1

- https://www.cve.org/CVERecord?id=CVE-2019-13108

- https://www.cve.org/CVERecord?id=CVE-2019-13109

- https://www.cve.org/CVERecord?id=CVE-2019-13110

- https://www.cve.org/CVERecord?id=CVE-2019-13112

- https://www.cve.org/CVERecord?id=CVE-2019-13113

- https://www.cve.org/CVERecord?id=CVE-2019-13114

- https://www.cve.org/CVERecord?id=CVE-2019-17402

Resolution

SRPMS

- 7/core/exiv2-0.27.1-3.2.mga7

Publication date: 31 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0415.html
Type: security
CVE: CVE-2019-13108, CVE-2019-13109, CVE-2019-13110, CVE-2019-13112, CVE-2019-13113, CVE-2019-13114, CVE-2019-17402
