Integer Overflow Vulnerability in Exiv2 0.26 Allows Denial of Service via Crafted PSD Image File

CVE-2018-19107 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
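The bug class described above, as an added example rather than Exiv2's own code: a length check whose 32-bit sum wraps, next to an overflow-safe check, used in a minimal walker for IPTC IIM datasets. All function names and the sample bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum class ParseResult { Ok, Truncated, BadLength };

// Flawed check, kept for contrast: the 32-bit sum wraps for huge sizes.
bool unsafe_fits(uint32_t offset, uint32_t size, uint32_t total) {
    return offset + size <= total;
}
// Overflow-safe check: compare the size with the bytes that remain.
bool safe_fits(size_t offset, uint64_t size, size_t total) {
    return offset <= total && size <= total - offset;
}

// Walk IPTC IIM datasets: 0x1C, record, dataset, 2-byte big-endian length.
// A length with the high bit set is "extended": its low 15 bits give the
// number of length bytes that follow.
ParseResult walk_iptc(const std::vector<uint8_t>& buf, size_t& datasets) {
    datasets = 0;
    const size_t n = buf.size();
    size_t pos = 0;
    while (pos < n) {
        if (buf[pos] != 0x1C) { ++pos; continue; }      // resync on the marker
        if (!safe_fits(pos, 5, n)) return ParseResult::Truncated;
        uint64_t size = (uint64_t(buf[pos + 3]) << 8) | buf[pos + 4];
        pos += 5;
        if (size & 0x8000) {                            // extended length
            const size_t lenBytes = size & 0x7FFF;
            if (lenBytes > 4) return ParseResult::BadLength;
            if (!safe_fits(pos, lenBytes, n)) return ParseResult::Truncated;
            size = 0;
            for (size_t i = 0; i < lenBytes; ++i) size = (size << 8) | buf[pos + i];
            pos += lenBytes;
        }
        if (!safe_fits(pos, size, n)) return ParseResult::Truncated;
        pos += static_cast<size_t>(size);               // payload is in bounds
        ++datasets;
    }
    return ParseResult::Ok;
}

// Constructed sample: extended length 0xFFFFFFFF with one byte of payload.
std::vector<uint8_t> crafted_sample() {
    return {0x1C, 0x02, 0x05, 0x80, 0x04, 0xFF, 0xFF, 0xFF, 0xFF, 'a'};
}

int main() {
    size_t count = 0;
    ParseResult r = walk_iptc(crafted_sample(), count);
    std::printf("rejected=%d datasets=%zu\n", r != ParseResult::Ok, count);
    return 0;
}
```

With the constructed sample, the flawed check accepts the declared length because `9 + 0xFFFFFFFF` wraps to 8, while the safe check rejects it before any payload byte is read.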