Bug 1106851 - (CVE-2018-16336) VUL-1: CVE-2018-16336: exiv2: Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999
Status: RESOLVED WONTFIX
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Minor
Assigned To: Dirk Mueller
Security Team bot
https://smash.suse.de/issue/213626/
CVSSv3:SUSE:CVE-2018-16336:3.3:(AV:L/...
Reported: 2018-09-03 05:38 UTC by Marcus Meissner
Modified: 2018-10-01 22:39 UTC (History)

Found By: Security Response Team

Attachments
poc1-heapoverflow (372 bytes, image/png)
2018-09-03 05:44 UTC, Marcus Meissner

Description Marcus Meissner 2018-09-03 05:38:06 UTC
CVE-2018-16336

Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers
to cause a denial of service (heap-based buffer over-read) via a crafted image
file, a different vulnerability than CVE-2018-10999.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16336
https://github.com/Exiv2/exiv2/issues/400
Comment 1 Marcus Meissner 2018-09-03 05:44:44 UTC
Created attachment 781640
poc1-heapoverflow

QA REPRODUCER:

valgrind exiv2 poc1-heapoverflow

should not report invalid reads
Comment 2 Johannes Segitz 2018-09-14 07:13:33 UTC
SUSE will not provide a fix for this issue since the risk to our customers posed by this is negligible.