PT-2018-3722 · Libexif+4 · Libexif+4

Laurent Delosieres

Published

2018-10-12

Updated

2024-06-15

CVE-2018-20030

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libexif version 0.6.21

Description The issue is related to an error when processing the EXIF IFD INTEROPERABILITY and EXIF IFD EXIF tags within the libexif library. This error can be exploited to exhaust available CPU resources, potentially leading to a denial of service. The vulnerability can be exploited by a remote attacker.

Recommendations For libexif version 0.6.21, consider updating to a newer version that addresses this issue, although the specific fixed version is not provided in the available data. As a temporary workaround, consider restricting the processing of EXIF files or limiting the resources available to the libexif library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2020-2019

ALT-PU-2020-2723

BDU:2021-03833

CVE-2018-20030

DLA-2214-1

DLA-2222-1

MGASA-2019-0095

OPENSUSE-SU-2020:0264-1

OPENSUSE-SU-2020:0793-1

OPENSUSE-SU-2020_0264-1

OPENSUSE-SU-2020_0793-1

OPENSUSE-SU-2024:10939-1

SUSE-SU-2020:0457-1

SUSE-SU-2020:0458-1

SUSE-SU-2020:14294-1

SUSE-SU-2020:1534-1

SUSE-SU-2020:1553-1

SUSE-SU-2020:1553-2

SUSE-SU-2020_0457-1

SUSE-SU-2020_0458-1

SUSE-SU-2020_14294-1

SUSE-SU-2020_1534-1

SUSE-SU-2020_1553-1

SUSE-SU-2020_1553-2

USN-4358-1

Affected Products

Alt Linux

Linuxmint

Suse

Ubuntu

Libexif

PT-2018-3722 · Libexif+4 · Libexif+4

CVE-2018-20030

Weakness Enumeration

Related Identifiers

Affected Products

References · 69