Bug 1117291 (CVE-2018-19535) - VUL-1: CVE-2018-19535: exiv2: In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
Status: RESOLVED FIXED
Alias: CVE-2018-19535
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low, Severity: Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/219633/
Whiteboard: CVSSv3:SUSE:CVE-2018-19535:4.5:(AV:L/...
Reported: 2018-11-26 10:40 UTC by Marcus Meissner
Modified: 2024-07-26 10:12 UTC

Found By: Security Response Team


Attachments
hbo_pngchunk_int.cpp\:635_1.png (1.46 KB, application/octet-stream)
2018-11-26 10:42 UTC, Marcus Meissner
hbo_pngchunk_int.cpp:635_2.png (176 bytes, image/png)
2018-11-26 10:43 UTC, Marcus Meissner

Description Marcus Meissner 2018-11-26 10:40:40 UTC
CVE-2018-19535

In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in
pngchunk_int.cpp may cause a denial of service (application crash due to a
heap-based buffer over-read) via a crafted PNG file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19535
https://github.com/Exiv2/exiv2/pull/430
https://github.com/Exiv2/exiv2/issues/428
Comment 1 Marcus Meissner 2018-11-26 10:42:26 UTC
Created attachment 790842
hbo_pngchunk_int.cpp\:635_1.png

QA REPRODUCER:

exiv2 hbo_pngchunk_int.cpp\:635_1.png

should not crash
Comment 2 Marcus Meissner 2018-11-26 10:43:44 UTC
Created attachment 790843
hbo_pngchunk_int.cpp:635_2.png

QA REPRODUCER:

exiv2 hbo_pngchunk_int.cpp:635_2.png

should not crash
Comment 5 Dirk Mueller 2023-10-05 22:17:51 UTC
This is already fixed in the versions of SLE15:Update and above. 

SLE12:update submitted.
Comment 7 Maintenance Automation 2023-10-13 12:30:18 UTC
SUSE-SU-2023:4070-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1117291
CVE References: CVE-2018-19535
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): exiv2-0.23-12.21.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): exiv2-0.23-12.21.1
SUSE Linux Enterprise Server 12 SP5 (src): exiv2-0.23-12.21.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): exiv2-0.23-12.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Andrea Mattiazzo 2024-07-26 10:12:50 UTC
All done, closing.