Note:
This project will be discontinued after December 13, 2021. [more]
2019-08-12
In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash.
Products | Exiv2 |
Type | Integer Overflow or Wraparound (CWE-190) |
First patch | - None (likely due to unavailable code) |
Links |
• https://github.com/Exiv2/exiv2/compare/v0.27.2-RC2...v0.27.2
• https://github.com/Exiv2/exiv2/issues/960 • https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62 |