SB2019040251 - Fedora 30 update for mingw-exiv2 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019040251

SB2019040251 - Fedora 30 update for mingw-exiv2

Published: April 2, 2019 Updated: April 24, 2025

Security Bulletin ID SB2019040251
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2018-20096)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.


2) Buffer overflow (CVE-ID: CVE-2018-20097)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.


3) Out-of-bounds read (CVE-ID: CVE-2018-20098)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.


4) Infinite loop (CVE-ID: CVE-2018-20099)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.


Remediation

Install update from vendor's website.

References