PT-2019-6193 · Exiv2+1 · Exiv2+1

92Wyunchao

Published: 2019-08-23 · Updated: 2023-12-22 · CVE-2020-18773

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Exiv2 version 0.27.99.0

Description

The issue is an invalid memory access in the decode function of the iptc.cpp component of the Exiv2 library, which can lead to a buffer overflow. A remote attacker can use a specially crafted tif file to cause a denial of service (DoS).

Recommendations

For Exiv2 version 0.27.99.0, consider disabling the decode function in iptc.cpp as a temporary workaround to prevent exploitation until a patch is available. Restrict access to the iptc.cpp component to minimize the risk of denial-of-service attacks. Avoid using the affected Exiv2 library with untrusted tif files until the issue is resolved.

Exploit

Fix

DoS

Buffer Overflow

Memory Corruption


Weakness Enumeration

Related Identifiers

BDU:2022-02063
CVE-2020-18773

Affected Products

Debian
Exiv2