MGASA-2020-0196 - Updated exiv2 packages fix security vulnerability Publication date: 05 May 2020 URL: https://advisories.mageia.org/MGASA-2020-0196.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-13111 The updated packages fix a security vulnerability: A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. (CVE-2019-13111) References: - https://bugs.mageia.org/show_bug.cgi?id=26561 - https://access.redhat.com/errata/RHSA-2020:1577 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13111 SRPMS: - 7/core/exiv2-0.27.1-3.4.mga7
Mageia 2020-0196: exiv2 security update
The updated packages fix a security vulnerability: A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap a...
Summary
The updated packages fix a security vulnerability:
A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1
allows an attacker to cause a denial of service (large heap allocation
followed by a very long running loop) via a crafted WEBP image file.
(CVE-2019-13111)
References
- https://bugs.mageia.org/show_bug.cgi?id=26561
- https://access.redhat.com/errata/RHSA-2020:1577
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13111
Resolution
MGASA-2020-0196 - Updated exiv2 packages fix security vulnerability
SRPMS
- 7/core/exiv2-0.27.1-3.4.mga7
Severity
Publication date: 05 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0196.html
Type: security
CVE: CVE-2019-13111
News
HOWTOs
Features
About Us
Powered By
