PT-2018-3722 · Libexif+4 · Libexif+4

Laurent Delosieres

Publicado

2018-10-12

Atualizado

2024-06-15

CVE-2018-20030

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libexif version 0.6.21

Description The issue is related to an error when processing the EXIF IFD INTEROPERABILITY and EXIF IFD EXIF tags within the libexif library. This error can be exploited to exhaust available CPU resources, potentially leading to a denial of service. The vulnerability can be exploited by a remote attacker.

Recommendations For libexif version 0.6.21, consider updating to a newer version that addresses this issue, although the specific fixed version is not provided in the available data. As a temporary workaround, consider restricting the processing of EXIF files or limiting the resources available to the libexif library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

ALT-PU-2020-2019

ALT-PU-2020-2723

BDU:2021-03833

CVE-2018-20030

DLA-2214-1

DLA-2222-1

MGASA-2019-0095

OPENSUSE-SU-2020:0264-1

OPENSUSE-SU-2020:0793-1

OPENSUSE-SU-2020_0264-1

OPENSUSE-SU-2020_0793-1

OPENSUSE-SU-2024:10939-1

SUSE-SU-2020:0457-1

SUSE-SU-2020:0458-1

SUSE-SU-2020:14294-1

SUSE-SU-2020:1534-1

SUSE-SU-2020:1553-1

SUSE-SU-2020:1553-2

SUSE-SU-2020_0457-1

SUSE-SU-2020_0458-1

SUSE-SU-2020_14294-1

SUSE-SU-2020_1534-1

SUSE-SU-2020_1553-1

SUSE-SU-2020_1553-2

USN-4358-1

Produtos afetados

Alt Linux

Linuxmint

Suse

Ubuntu

Libexif

PT-2018-3722 · Libexif+4 · Libexif+4

CVE-2018-20030

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 69