A flaw was found in Exiv2 0.26. An infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader. This could lead to a denial of service caused by an integer overflow via a crafted PSD image file. References: https://github.com/Exiv2/exiv2/issues/426 Upstream Patch: https://github.com/Exiv2/exiv2/pull/518
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1649102]
Upstream fixes: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b https://github.com/Exiv2/exiv2/commit/b7c71f3ad0386cd7af3b73443c0615ada073f0d5
Statement: This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2101 https://access.redhat.com/errata/RHSA-2019:2101
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-19108
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1577 https://access.redhat.com/errata/RHSA-2020:1577