PT-2018-13416 · Signal · Open Whisper Signal

Nick M. Mckenna · Published 2018-08-29 · Updated 2018-11-08 · CVE-2018-16132

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Open Whisper Signal versions through 2.29.0

Description

The issue arises from the image rendering component, specifically the createGenericPreview function, which fails to check for unreasonably large images before manipulating them. This allows an attacker to send a large image to a user, causing the device to exhaust its available memory when the image is displayed, resulting in a forced restart.

Recommendations

For versions through 2.29.0, as a temporary workaround, consider disabling the image preview feature until a patch is available. Restrict the receipt of large images to minimize the risk of exploitation.
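
The description attributes the crash to a missing size check before image manipulation. The following is an added example, not Signal's code: it reads the dimensions an image declares in its header and refuses to preview anything whose decoded bitmap would exceed a memory budget. The limits, function names and sample headers are assumptions made for illustration.

```python
import struct
import zlib

# Assumed budget for a preview pipeline (hypothetical values, not Signal's).
MAX_DIMENSION = 8192          # longest side, in pixels
MAX_DECODED_BYTES = 64 << 20  # RGBA bitmap ceiling: 64 MiB
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def declared_size(data: bytes):
    """Return (width, height) from the header only, or None if unrecognised."""
    if data[:8] == PNG_MAGIC and data[12:16] == b"IHDR" and len(data) >= 24:
        return struct.unpack(">II", data[16:24])
    if data[:2] == b"\xff\xd8":                      # JPEG: walk marker segments
        i = 2
        while i + 9 <= len(data) and data[i] == 0xFF:
            marker = data[i + 1]
            seg_len = struct.unpack(">H", data[i + 2:i + 4])[0]
            # SOF0..SOF15 carry the frame size; C4/C8/CC are not frame headers
            if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
                height, width = struct.unpack(">HH", data[i + 5:i + 9])
                return width, height
            i += 2 + seg_len
    return None

def safe_to_preview(data: bytes) -> bool:
    """Decide from declared dimensions whether decoding stays within budget."""
    size = declared_size(data)
    if size is None:
        return False             # fail closed: unknown format gets no preview
    width, height = size
    if width == 0 or height == 0 or max(width, height) > MAX_DIMENSION:
        return False
    return width * height * 4 <= MAX_DECODED_BYTES

def png_header(width: int, height: int) -> bytes:
    """Constructed sample: PNG signature plus a valid IHDR chunk, no pixel data."""
    body = b"IHDR" + struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    return PNG_MAGIC + struct.pack(">I", 13) + body + struct.pack(">I", zlib.crc32(body))

if __name__ == "__main__":
    print(safe_to_preview(png_header(1024, 768)))      # ordinary photo-sized image
    print(safe_to_preview(png_header(60000, 60000)))   # small file, ~13 GiB decoded
```

The check runs on the compressed bytes as received, so it costs a few dozen bytes of parsing regardless of how large the image claims to be.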

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2018-16132

Affected Products

Open Whisper Signal