CVE-2018-10958 – exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress()
https://notcve.org/view.php?id=CVE-2018-10958
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. En types.cpp en Exiv2 0.26, un valor de tamaño largo podría conducir a un SIGABRT durante un intento de asignación de memoria en una llamada Exiv2::Internal::PngChunk::zlibUncompress. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/302 https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html https://security.gentoo.org/glsa/201811-14 https://usn.ubuntu.com/3700-1 https://www.debian.org/security/2018/dsa-4238 https://access.redhat.com/security/cve/CVE-2018-10958 https://bugzilla.redhat.com/show_bug.cgi?id=1578659 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •
CVE-2018-10780
https://notcve.org/view.php?id=CVE-2018-10780
Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read. Exiv2::Image::byteSwap2 en image.cpp en Exiv2 0.26 tiene una sobrelectura de búfer basada en memoria dinámica (heap). • https://bugzilla.redhat.com/show_bug.cgi?id=1575201 https://security.gentoo.org/glsa/201811-14 • CWE-125: Out-of-bounds Read •
CVE-2018-10772 – exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file
https://notcve.org/view.php?id=CVE-2018-10772
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. La función tEXtToDataBuf en pngimage.cpp en Exiv2 hasta la versión 0.26 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, cualquier otro tipo de problema mediante un archivo manipulado. • https://access.redhat.com/errata/RHSA-2019:2101 https://bugzilla.redhat.com/show_bug.cgi?id=1566260 https://access.redhat.com/security/cve/CVE-2018-10772 https://bugzilla.redhat.com/show_bug.cgi?id=1594627 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •
CVE-2018-9145
https://notcve.org/view.php?id=CVE-2018-9145
In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file. En la clase DataBuf en include/exiv2/types.hpp en Exiv2 0.26, existe un problema en el constructor con un tamaño de búfer inicial. Un valor de tamaño grande puede desembocar en un SIGABRT durante un intento de asignación de memoria. • https://bugzilla.novell.com/show_bug.cgi?id=1087879 https://bugzilla.redhat.com/show_bug.cgi?id=1564281 https://github.com/xiaoqx/pocs/tree/master/exiv2 https://security.gentoo.org/glsa/201811-14 • CWE-20: Improper Input Validation •
CVE-2018-8977 – exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp
https://notcve.org/view.php?id=CVE-2018-8977
In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file. La función Exiv2::Internal::printCsLensFFFF en canonmn_int.cpp en Exiv2 0.26 permite que atacantes remotos provoquen una denegación de servicio (acceso a memoria no válido) mediante un archivo manipulado. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/247 https://security.gentoo.org/glsa/201811-14 https://access.redhat.com/security/cve/CVE-2018-8977 https://bugzilla.redhat.com/show_bug.cgi?id=1561217 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •