CVE-2018-14046

Priority
Description
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in
webpimage.cpp.
Notes
mdeslaurwebpimage support not in 0.25
Package
Source: exiv2 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Patches:
Other:https://github.com/D4N/exiv2/commit/49bfe84b4b7277cc425572fb68db23c8820181c1
Other:https://github.com/D4N/exiv2/commit/f8fc2e6dcec7ce34fe83f3ca5418aa046d27d970
More Information

Updated: 2020-01-29 20:01:58 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)