Hide Forgot
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. Reference: https://github.com/Exiv2/exiv2/issues/789 https://github.com/Exiv2/exiv2/pull/794
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1728482]
Upstream patch: https://github.com/Exiv2/exiv2/commit/8cd95e221889e41e9cc153e2cfb5a7b41c7bc7a4
Statement: This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-13108
The commits that introduce the vulnerable code are: https://github.com/Exiv2/exiv2/commit/88f22e13cb1917ac94a95f95f74c9ee93c5472c8 (for the 0.27 version, introduced in 0.27.1) https://github.com/Exiv2/exiv2/commit/9a38066b8eddf3948696a3362aac29e012ebe690 (on master)
Red Hat Enterprise Linux 7.7 ships exiv2 0.27.0, thus it is not vulnerable to this flaw.