Note:
This project will be discontinued after December 13, 2021. [more]
2018-06-13
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
| Products | Ubuntu_linux, Debian_linux, Exiv2 |
| Type | Out-of-bounds Read (CWE-125) Integer Overflow or Wraparound (CWE-190) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://github.com/TeamSeri0us/pocs/blob/master/exiv2/1-out-of-read-Poc
• https://access.redhat.com/errata/RHSA-2019:2101 • https://security.gentoo.org/glsa/201811-14 • https://www.debian.org/security/2018/dsa-4238 • https://github.com/Exiv2/exiv2/issues/365 |