PT-2018-3454 · Exiv2+8 · Exiv2+8

Publicado

2018-09-25

·

Atualizado

2023-01-13

·

CVE-2018-17581

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Exiv2 version 0.26
Description: The issue is related to excessive stack consumption due to a recursive function in the CiffDirectory::readDirectory() at crwimage int.cpp, leading to a denial of service. This can be exploited by a remote attacker to cause a denial of service. The vulnerability is associated with uncontrolled resource consumption in the Exiv2 library for managing media file metadata.
Recommendations: For Exiv2 version 0.26, as a temporary workaround, consider disabling the CiffDirectory::readDirectory() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

ALSA-2020:1577
ALT-PU-2019-2468
ALT-PU-2019-2590
BDU:2020-01713
CESA-2019_2101
CESA-2020_1577
CVE-2018-17581
DLA-1691-1
DLA-3265-1
OPENSUSE-SU-2022_4208-1
OPENSUSE-SU-2022_4276-1
RHSA-2019:2101
RHSA-2019_2101
RHSA-2020:1577
RHSA-2020_1577
RLSA-2020:1577
SUSE-SU-2020:0860-1
SUSE-SU-2022:4208-1
SUSE-SU-2022:4276-1
USN-3852-1

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Exiv2
Red Hat
Rocky Linux
Suse
Ubuntu