A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. Reference: https://github.com/Exiv2/exiv2/issues/791 https://github.com/Exiv2/exiv2/pull/797
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1728489]
Upstream patches: https://github.com/Exiv2/exiv2/commit/c73d1e27198a389ce7caf52ac30f8e2120acdafd [master branch] https://github.com/Exiv2/exiv2/commit/caa4e6745a76a23bb80127cf54c0d65096ae684c [0.27-maintenance branch]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1577 https://access.redhat.com/errata/RHSA-2020:1577
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-13111