PT-2019-6192 · Exiv2+3 · Exiv2+3
92Wyunchao
·
Publicado
2019-03-25
·
Atualizado
2026-03-18
·
CVE-2020-18771
CVSS v2.0
8.8
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Exiv2 version 0.27.99.0
Description
The issue is related to a global buffer over-read in the
Exiv2::Internal::Nikon1MakerNote::print0x0088 function in nikonmn int.cpp, which can result in an information leak. This can allow a remote attacker to access confidential data and potentially cause a denial of service.Recommendations
For Exiv2 version 0.27.99.0, consider disabling the
Exiv2::Internal::Nikon1MakerNote::print0x0088 function as a temporary workaround until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Astra Linux
Exiv2
Linuxmint
Ubuntu