Heap-based Buffer Over-read Vulnerability in Exiv2's PngChunk::readRawProfile

CVE-2018-19535 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
