Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d70320a9 by Bastien Roucariès at 2023-09-29T15:20:16+00:00

CVE-2020-18832 does not affect buster

Code was refactored after buster in order to read chunked png.
Poc was tested under valgrind and fails gracefully without leak and out of bound read

- - - - -

1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list =====================================
@@ -232124,6 +232124,7 @@ CVE-2020-18832 RESERVED CVE-2020-18831 (Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cp ...) - exiv2 0.27.2-6 + [buster] - exiv2 <not-affected> (exiv2 -pR flags introduced later and poc fail with "Exiv2 exception in print action for file poc.png". Introduced later by chunked read.) NOTE: https://github.com/Exiv2/exiv2/issues/828 NOTE: https://github.com/Exiv2/exiv2/pull/862 NOTE: https://github.com/Exiv2/exiv2/commit/6068df4c01ce915befb763bd0fd718d16a5df130 (v0.27.2-RC1)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d70320a9873a3f717ed567ae1688e142be6b85f4
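
Review bot: the added `[buster] - exiv2 <not-affected>` line sits under the CVE-2020-18831 entry (the tEXtToDataBuf buffer overflow), but the commit subject names CVE-2020-18832, which the hunk context shows only as RESERVED; the subject should name CVE-2020-18831 so that the log matches the entry that was changed. The parenthetical reason also says "introduced later" twice, once for the `-pR` flags and once for the chunked read, and it would read more clearly as a single statement that the affected code arrived with the chunked-read refactoring after buster, followed by the PoC result.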