CVE-2018-5772

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Exiv2 version 0.26

Description: The issue is caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function, located in the image.cpp file. This can be exploited by remote attackers to cause a denial of service using a crafted tif file.

Recommendations: For Exiv2 version 0.26, consider disabling the Exiv2::Image::printIFDStructure function until a patch is available to prevent potential denial of service attacks via crafted tif files.

Exploit

Fix

DoS

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

ALT-PU-2018-2105

ALT-PU-2019-2468

ALT-PU-2019-2590

CVE-2018-5772

OPENSUSE-SU-2022_3598-1

SUSE-SU-2022:3598-1

Affected Products

Alt Linux

Exiv2

Suse

CVE-2018-5772

Weakness Enumeration

Related Identifiers

Affected Products

References · 211