MidnightBSD

Advisories for xv_project

CVE-2017-18215 HIGH

xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse leap 42.3
xv_project xv 3.10a