[Pkg-kde-extras] Bug#915135: exiv2: CVE-2018-19535
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 30 20:40:59 GMT 2018
Source: exiv2
Version: 0.25-4
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/Exiv2/exiv2/issues/428
Hi,
The following vulnerability was published for exiv2.
CVE-2018-19535[0]:
| In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in
| pngchunk_int.cpp may cause a denial of service (application crash due
| to a heap-based buffer over-read) via a crafted PNG file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-19535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19535
[1] https://github.com/Exiv2/exiv2/issues/428
[2] https://github.com/Exiv2/exiv2/pull/430
Please adjust the affected versions in the BTS as needed. The
vulnerable code is at least already present in 0.25-4 but I guess
even in stretch version (but not checked).
Regards,
Salvatore
More information about the pkg-kde-extras
mailing list