PT-2018-16581 · Exiv2+5 · Exiv2+5

Xcainiao · Published 2018-01-03 · Updated 2020-04-28 · CVE-2018-4868

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Exiv2 version 0.26

Description

The issue allows remote attackers to cause a denial of service due to excessive memory allocation via a crafted file. This is related to the Exiv2::Jp2Image::readMetadata function in jp2image.cpp.

Recommendations

For Exiv2 version 0.26, consider disabling the readMetadata function in jp2image.cpp as a temporary workaround to minimize the risk of exploitation.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALSA-2020:1577
ALT-PU-2019-2468
ALT-PU-2019-2590
CESA-2019_2101
CESA-2020_1577
CVE-2018-4868
RHSA-2019:2101
RHSA-2019_2101
RHSA-2020:1577
RHSA-2020_1577
RLSA-2020:1577

Affected Products

Alt Linux
AlmaLinux
CentOS
Exiv2
Red Hat
Rocky Linux