exiv2: Multiple vulnerabilities (CVE-2019-13108, CVE-2019-13109, CVE-2019-13110, CVE-2019-13111, CVE-2019-13112, CVE-2019-13113, CVE-2019-13114)
CVE-2019-13108: integer overflow PngImage::readMetadata leads to denial of service
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.
References:
Patch:
https://github.com/Exiv2/exiv2/commit/5d1d6981229b5e44401bf5c503100553fc7d877a
CVE-2019-13109: denial of service in PngImage::readMetadata
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.
References:
Patch:
https://github.com/Exiv2/exiv2/commit/491c3ebe3b3faa6d8f75fb28146186792c2439da
CVE-2019-13110: integer-overflow and out-of-bounds read in CiffDirectory::readDirectory leads to denail of service
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.
References:
Patch:
https://github.com/Exiv2/exiv2/commit/9628f82084ed30d494ddd4f7360d233801e22967
CVE-2019-13111: integer overflow in WebPImage::decodeChunks leads to denial of service
A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.
References:
Patch:
https://github.com/Exiv2/exiv2/pull/797/commits
CVE-2019-13112: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.
References:
Patch:
https://github.com/Exiv2/exiv2/commit/1ed1e03c83802547585833fa9d4433af94798778
CVE-2019-13113: invalid data location in CRW image file causing denial of service
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.
References:
Patches:
- https://github.com/Exiv2/exiv2/commit/6212806b7637be683a56c769a8d905153996d933
- https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
CVE-2019-13114: null-pointer dereference in http.c causing denial of service
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
References:
Patch:
https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
Affected branches:
-
master -
3.10-stable -
3.9-stable -
3.8-stable -
3.7-stable