PT-2019-5329 · Exiv2+8
Kevinbackhouse · Published 2019-06-30 · Updated 2023-02-28
CVE-2019-13112
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Exiv2 versions prior to 0.27.2
Description
The issue is an uncontrolled memory allocation in the PngChunk::parseChunkContent function of the Exiv2 library. An attacker can exploit it with a crafted PNG image file to cause a denial of service: the process crashes with an std::bad_alloc exception.
Recommendations
For Exiv2 versions prior to 0.27.2, update to version 0.27.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the PngChunk::parseChunkContent function to minimize the risk of exploitation.
Exploit
Fix
DoS
Resource Exhaustion
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Exiv2
Red Hat
Rocky Linux
Suse
Ubuntu