Note:
This project will be discontinued after December 13, 2021. [more]
2018-06-13
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
| Products | Ubuntu_linux, Debian_linux, Exiv2 |
| Type | Out-of-bounds Read (CWE-125) Integer Overflow or Wraparound (CWE-190) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://github.com/TeamSeri0us/pocs/blob/master/exiv2/2-out-of-read-Poc
• https://github.com/Exiv2/exiv2/issues/366 • https://usn.ubuntu.com/3700-1/ • https://access.redhat.com/errata/RHSA-2019:2101 • https://security.gentoo.org/glsa/201811-14 |