[Pkg-kde-extras] Bug#888862: exiv2: CVE-2018-5772
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 30 19:22:13 UTC 2018
Source: exiv2
Version: 0.26-1
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for exiv2, and it only
affects the experimental version. Marking it grave to indicate that it should
not go into unstable (the issue itself does not really warrant grave
severity, so if you strongly disagree, downgrade it; the important thing is just
that no unfixed version goes to unstable :)).
CVE-2018-5772[0]:
| In Exiv2 0.26, there is a segmentation fault caused by uncontrolled
| recursion in the Exiv2::Image::printIFDStructure function in the
| image.cpp file. Remote attackers could leverage this vulnerability to
| cause a denial of service via a crafted tif file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-5772
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5772
[1] https://github.com/Exiv2/exiv2/issues/216
Regards,
Salvatore
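The CVE text above describes uncontrolled recursion while walking the IFD structure of a crafted TIFF. The following is an added example, not exiv2 code and not the proof-of-concept file from the upstream issue: it builds a minimal TIFF (layout per the TIFF 6.0 header and IFD format) whose Exif IFD pointer tag refers back to the IFD that contains it, then shows a naive sub-IFD walker that recurses without bound next to a hardened one that caps nesting depth and rejects offsets it has already visited. The set of pointer tags, the depth cap `MAX_DEPTH`, the entry-count cap and the self-referencing input are assumptions chosen for illustration; they are not claims about how exiv2's `printIFDStructure` is triggered or fixed.

```python
"""Sub-IFD recursion in a TIFF walker: unbounded versus bounded.

Added example, not exiv2 code. The TIFF bytes are constructed inline.
In CPython the naive walker dies with RecursionError; in a native parser
the same input would exhaust the stack and segfault, which is the
denial-of-service pattern the CVE text describes.
"""
import struct

# Tags whose LONG value is the file offset of another IFD (TIFF 6.0 / Exif).
SUB_IFD_TAGS = {0x014A, 0x8769, 0x8825}   # SubIFDs, Exif IFD, GPS IFD
MAX_DEPTH = 8        # assumed cap on legitimate IFD nesting
MAX_ENTRIES = 4096   # assumed sanity cap on entries per IFD

IFD0 = 8  # first IFD immediately follows the 8-byte header


def build_self_referencing_tiff() -> bytes:
    """Constructed input: one IFD whose ExifIFD pointer points at itself."""
    header = b"II" + struct.pack("<HI", 42, IFD0)
    width = struct.pack("<HHII", 0x0100, 3, 1, 64)          # ImageWidth, SHORT
    exif_ptr = struct.pack("<HHII", 0x8769, 4, 1, IFD0)      # ExifIFD -> IFD0
    ifd = struct.pack("<H", 2) + width + exif_ptr + struct.pack("<I", 0)
    return header + ifd


def build_valid_tiff() -> bytes:
    """Constructed well-formed input: IFD0 points to a separate Exif IFD."""
    ifd1 = IFD0 + 2 + 2 * 12 + 4  # IFD0 has 2 entries, so IFD1 starts at 38
    header = b"II" + struct.pack("<HI", 42, IFD0)
    width = struct.pack("<HHII", 0x0100, 3, 1, 64)
    exif_ptr = struct.pack("<HHII", 0x8769, 4, 1, ifd1)
    ifd0 = struct.pack("<H", 2) + width + exif_ptr + struct.pack("<I", 0)
    version = struct.pack("<HHI4s", 0x9000, 7, 4, b"0230")   # ExifVersion
    ifd1_bytes = struct.pack("<H", 1) + version + struct.pack("<I", 0)
    return header + ifd0 + ifd1_bytes


def _parse_header(data: bytes):
    """Return (struct endian prefix, offset of first IFD) or raise."""
    if data[:2] == b"II":
        endian = "<"
    elif data[:2] == b"MM":
        endian = ">"
    else:
        raise ValueError("not a TIFF byte-order mark")
    magic, first = struct.unpack(endian + "HI", data[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic")
    return endian, first


def _read_ifd(data: bytes, endian: str, offset: int):
    """Return (entries, next_ifd_offset) with every read bounds-checked."""
    if offset < 8 or offset + 2 > len(data):
        raise ValueError(f"IFD offset {offset} out of bounds")
    (count,) = struct.unpack_from(endian + "H", data, offset)
    if count > MAX_ENTRIES:
        raise ValueError(f"implausible entry count {count}")
    end = offset + 2 + 12 * count + 4
    if end > len(data):
        raise ValueError("truncated IFD")
    entries = [struct.unpack_from(endian + "HHII", data, offset + 2 + 12 * i)
               for i in range(count)]
    (next_off,) = struct.unpack_from(endian + "I", data, end - 4)
    return entries, next_off


def walk_unbounded(data: bytes, offset=None, endian=None):
    """Naive walker: follows every sub-IFD pointer with no depth or cycle check."""
    if endian is None:
        endian, offset = _parse_header(data)
    tags = []
    entries, _next = _read_ifd(data, endian, offset)
    for tag, typ, count, value in entries:
        tags.append(tag)
        if tag in SUB_IFD_TAGS and typ == 4 and count == 1:
            tags.extend(walk_unbounded(data, value, endian))  # unbounded
    return tags


def walk_bounded(data: bytes, offset=None, endian=None, depth=0, seen=None):
    """Hardened walker: caps nesting depth and refuses to revisit an offset."""
    if endian is None:
        endian, offset = _parse_header(data)
        seen = set()
    if depth > MAX_DEPTH:
        raise ValueError(f"IFD nesting deeper than {MAX_DEPTH}")
    if offset in seen:
        raise ValueError(f"IFD at offset {offset} referenced twice (cycle)")
    seen.add(offset)
    tags = []
    entries, _next = _read_ifd(data, endian, offset)
    for tag, typ, count, value in entries:
        tags.append(tag)
        if tag in SUB_IFD_TAGS and typ == 4 and count == 1:
            tags.extend(walk_bounded(data, value, endian, depth + 1, seen))
    return tags


def demo():
    """Run both walkers on the looping file; return how each one ended."""
    tiff = build_self_referencing_tiff()
    try:
        walk_unbounded(tiff)
        unbounded = "returned"
    except RecursionError:
        unbounded = "RecursionError"
    try:
        walk_bounded(tiff)
        bounded = "returned"
    except ValueError as exc:
        bounded = str(exc)
    return unbounded, bounded


if __name__ == "__main__":
    print(demo())
    print([hex(t) for t in walk_bounded(build_valid_tiff())])
```

The cycle check alone is not sufficient in general: a file can chain many distinct IFDs with no repeated offset, so the depth cap is what actually bounds stack use, and the visited set just gives a clearer error on the common self-reference case. Both limits are enforced before any pointer is followed, and every offset read is bounds-checked against the buffer so truncated input fails with ValueError rather than an out-of-range read.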