First Last Prev Next    This bug is not in your last search results.
Bug 1106851 - (CVE-2018-16336) VUL-1: CVE-2018-16336: exiv2: Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackersto cause a denial of service (heap-based buffer over-read) via a crafted imagefile, a different vulnerability than CVE-2018-10999
(CVE-2018-16336)
VUL-1: CVE-2018-16336: exiv2: Exiv2::Internal::PngChunk::parseTXTChunk in Exi...
Status: RESOLVED WONTFIX
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Dirk Mueller
Security Team bot
https://smash.suse.de/issue/213626/
CVSSv3:SUSE:CVE-2018-16336:3.3:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-09-03 05:38 UTC by Marcus Meissner
Modified: 2018-10-01 22:39 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
poc1-heapoverflow (372 bytes, image/png)
2018-09-03 05:44 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-09-03 05:38:06 UTC 
CVE-2018-16336

Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers
to cause a denial of service (heap-based buffer over-read) via a crafted image
file, a different vulnerability than CVE-2018-10999.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16336
https://github.com/Exiv2/exiv2/issues/400
Comment 1 Marcus Meissner 2018-09-03 05:44:44 UTC 
Created attachment 781640 [details]
poc1-heapoverflow

QA REPRODUCER:

valgrind exiv2 poc1-heapoverflow

should not report invalid reads
Comment 2 Johannes Segitz 2018-09-14 07:13:33 UTC 
SUSE will not provide a fix for this issue since the risk to our customers posed by this is negligible.
First Last Prev Next    This bug is not in your last search results.