Summary: | <media-gfx/exiv2-0.27.0: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled, kde |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 678426 | ||
Bug Blocks: |
Description
D'juan McDonald (domhnall)
2019-03-05 01:53:50 UTC
With media-gfx/exiv2-0.27.0-r2 we are not affected: $ exiv2 -b -u -k -p R pr exiv2: Action not available in Release mode: 'R' Cleanup currently depends on darktable-2.6.0 stabilisation. @maintainers, please drop the vulnerable Cleanup done. (In reply to Michael Palimaka (kensington) from comment #3) > Cleanup done. Thanks, Michael! CVE-2018-19535 (https://github.com/Exiv2/exiv2/issues/428): In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. CVE-2018-19108 (https://github.com/Exiv2/exiv2/issues/426): In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. CVE-2018-17581 (https://github.com/Exiv2/exiv2/issues/460): CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. |