CVE-2019-13445

Name of the Vulnerable Software and Affected Versions ros comm versions through 1.14.3

Description An issue was discovered in the ROS communications-related packages where the parseOptions() function in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line.

Recommendations For versions through 1.14.3, consider updating to a version that fixes the integer overflow issue in the parseOptions() function. As a temporary workaround, restrict the use of the split option on the command line to minimize the risk of exploitation.