CVE-2018-8976

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Exiv2 version 0.26

Description The issue is related to a denial of service caused by an out-of-bounds read in the Exiv2::Internal::stringFormat function in image.cpp. This can be triggered by remote attackers using a specially crafted file, potentially leading to a service disruption. The vulnerability is associated with the jpgimage.cpp component of the Exiv2 library, which is used for managing media file metadata.

Recommendations For Exiv2 version 0.26, consider disabling the jpgimage.cpp component or restricting its use until a patch is available to prevent potential exploitation. As a temporary workaround, avoid using crafted or untrusted image files to minimize the risk of triggering the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2018-2105

ALT-PU-2019-2468

ALT-PU-2019-2590

BDU:2023-01651

CESA-2019_2101

CVE-2018-8976

DLA-3265-1

OPENSUSE-SU-2022_3598-1

RHSA-2019:2101

RHSA-2019_2101

SUSE-SU-2022:3598-1

Affected Products

Alt Linux

Astra Linux

Centos

Exiv2

Red Hat

Suse

CVE-2018-8976

Weakness Enumeration

Related Identifiers

Affected Products

References · 49