PT-2018-3628 · Exiv2+8 · Exiv2+8

Piponazo

Publicado

2018-08-31

Atualizado

2024-06-15

CVE-2018-19108

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Exiv2 version 0.26

Description The issue is related to the Exiv2::PsdImage::readMetadata function in the psdimage.cpp file of the Exiv2 library, which may cause a denial of service due to an integer overflow when processing a crafted PSD image file. This can lead to an infinite loop. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For Exiv2 version 0.26, consider disabling the Exiv2::PsdImage::readMetadata function until a patch is available to prevent potential denial of service attacks. Restrict access to PSD image files to minimize the risk of exploitation.

Correção

DoS

Infinite Loop

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835

Identificadores relacionados

ALSA-2020:1577

ALT-PU-2019-2468

ALT-PU-2019-2590

BDU:2021-01427

CESA-2019_2101

CESA-2020_1577

CVE-2018-19108

DLA-1691-1

DLA-3265-1

OPENSUSE-SU-2020:0482-1

OPENSUSE-SU-2020_0482-1

OPENSUSE-SU-2024:12399-1

RHSA-2019:2101

RHSA-2019_2101

RHSA-2020:1577

RHSA-2020_1577

RLSA-2020:1577

SUSE-SU-2020:0921-1

USN-4056-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Exiv2

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2018-3628 · Exiv2+8 · Exiv2+8

CVE-2018-19108

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 125