CVE-2018-19756 (Medium) detected in expoios/2.10.6 #5
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
mend-bolt-for-github
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2018-19756 - Medium Severity Vulnerability
An open-source platform for making universal native apps with React. Expo runs on Android, iOS, and the web.
Library home page: https://github.com/expo/expo.git
There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.
Publish Date: 2018-11-30
URL: CVE-2018-19756
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: saitoha/libsixel#80
Release Date: 2018-11-30
Fix Resolution: v1.8.3
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: