Vulnerability Details CVE-2017-18215
xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://bugzilla.suse.com/attachment.cgi?id=728337
- https://bugzilla.suse.com/show_bug.cgi?id=1043479
- https://lists.opensuse.org/opensuse-updates/2018-02/msg00088.html
- https://bugzilla.suse.com/attachment.cgi?id=728337
- https://bugzilla.suse.com/show_bug.cgi?id=1043479
- https://lists.opensuse.org/opensuse-updates/2018-02/msg00088.html
Products affected by CVE-2017-18215
-
cpe:2.3:a:xv_project:xv:3.10a
-
cpe:2.3:o:opensuse:leap:42.3