PT-2018-3628 · Exiv2+8 · Exiv2+8

Piponazo

Published

2018-08-31

Updated

2024-06-15

CVE-2018-19108

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Exiv2 version 0.26

Description The issue is related to the Exiv2::PsdImage::readMetadata function in the psdimage.cpp file of the Exiv2 library, which may cause a denial of service due to an integer overflow when processing a crafted PSD image file. This can lead to an infinite loop. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For Exiv2 version 0.26, consider disabling the Exiv2::PsdImage::readMetadata function until a patch is available to prevent potential denial of service attacks. Restrict access to PSD image files to minimize the risk of exploitation.

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALSA-2020:1577

ALT-PU-2019-2468

ALT-PU-2019-2590

BDU:2021-01427

CESA-2019_2101

CESA-2020_1577

CVE-2018-19108

DLA-1691-1

DLA-3265-1

OPENSUSE-SU-2020:0482-1

OPENSUSE-SU-2020_0482-1

OPENSUSE-SU-2024:12399-1

RHSA-2019:2101

RHSA-2019_2101

RHSA-2020:1577

RHSA-2020_1577

RLSA-2020:1577

SUSE-SU-2020:0921-1

USN-4056-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Exiv2

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2018-3628 · Exiv2+8 · Exiv2+8

CVE-2018-19108

Weakness Enumeration

Related Identifiers

Affected Products

References · 125