A flaw was found in Exiv2 0.26: a heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (reached from psdimage.cpp in the PSD image reader). An integer overflow triggered by a crafted PSD image file could lead to a denial of service.
References: https://github.com/Exiv2/exiv2/issues/427
Upstream Patch: https://github.com/Exiv2/exiv2/pull/518
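The class of defect described above is a length field read from untrusted input being used to advance a parse cursor without first checking it against the bytes actually remaining. The following is an added illustration of the defensive pattern, written for this page and not taken from Exiv2 or its fix: a small parser for IPTC IIM records (0x1C marker, record number, dataset number, 2-byte size with the extended-size escape) that validates every length against the remaining buffer before reading. The function names, error codes and the sample byte strings are constructed for the example.

```c
/* Added example: a bounds-checked walker for IPTC IIM records.
 * Hypothetical code, not Exiv2's IptcParser::decode or its patch. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPTC_MARKER 0x1C

/* Constructed result codes for this example. */
enum { IPTC_OK = 0, IPTC_TRUNCATED = -1, IPTC_BAD_MARKER = -2, IPTC_OVERSIZED = -3 };

/* Parse one record at buf[*pos] and advance *pos on success.
 * Every read is guarded by a check on (len - *pos), so an attacker-chosen
 * size can never move the cursor past the end of the buffer, and the
 * "size > remaining" test avoids computing p + size, which could wrap. */
static int iptc_next_record(const uint8_t *buf, size_t len, size_t *pos,
                            uint8_t *record, uint8_t *dataset,
                            const uint8_t **data, size_t *data_len)
{
    size_t p = *pos;
    if (p > len) return IPTC_TRUNCATED;            /* cursor already invalid */
    size_t remaining = len - p;
    if (remaining < 5) return IPTC_TRUNCATED;      /* marker + rec + ds + size */
    if (buf[p] != IPTC_MARKER) return IPTC_BAD_MARKER;

    *record  = buf[p + 1];
    *dataset = buf[p + 2];
    size_t size = ((size_t)buf[p + 3] << 8) | buf[p + 4];
    p += 5;
    remaining -= 5;

    if (size & 0x8000) {
        /* Extended size: the low 15 bits give the width of the real size field. */
        size_t n = size & 0x7FFF;
        if (n == 0 || n > sizeof(size_t)) return IPTC_OVERSIZED;
        if (remaining < n) return IPTC_TRUNCATED;
        size = 0;
        for (size_t i = 0; i < n; i++) size = (size << 8) | buf[p + i];
        p += n;
        remaining -= n;
    }

    if (size > remaining) return IPTC_TRUNCATED;   /* data would run off the end */
    *data = buf + p;
    *data_len = size;
    *pos = p + size;                                /* safe: size <= remaining */
    return IPTC_OK;
}

/* Walk every record in buf; return the record count or a negative error. */
int iptc_count_records(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int count = 0;
    while (pos < len) {
        uint8_t rec, ds;
        const uint8_t *d;
        size_t dl;
        int rc = iptc_next_record(buf, len, &pos, &rec, &ds, &d, &dl);
        if (rc != IPTC_OK) return rc;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: two well-formed records (2:5 "abc", 2:120 "hi"). */
    const uint8_t good[] = { 0x1C, 0x02, 0x05, 0x00, 0x03, 'a', 'b', 'c',
                             0x1C, 0x02, 0x78, 0x00, 0x02, 'h', 'i' };
    /* Constructed sample: size field claims 0x7FFF bytes but only one follows. */
    const uint8_t bad[]  = { 0x1C, 0x02, 0x05, 0x7F, 0xFF, 'a' };
    printf("good: %d records\n", iptc_count_records(good, sizeof good));
    printf("bad:  rc=%d\n", iptc_count_records(bad, sizeof bad));
    return 0;
}
```

The key discipline is that the comparison is always "claimed size against bytes remaining" rather than "cursor plus claimed size against buffer end"; the latter form is where an integer overflow turns a large size into a small pointer offset and the read silently leaves the buffer.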
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1649095]
Upstream fixes: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b https://github.com/Exiv2/exiv2/commit/b7c71f3ad0386cd7af3b73443c0615ada073f0d5
Statement: This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2101 https://access.redhat.com/errata/RHSA-2019:2101
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-19107
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1577 https://access.redhat.com/errata/RHSA-2020:1577