PT-2019-6171 · Exiv2+6

Published: 2019-03-13 · Updated: 2022-10-26 · CVE-2020-18898

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Exiv2 version 0.27

Description: The issue is a stack exhaustion problem in the printIFDStructure function of the Exiv2 library. A remote attacker can cause a denial of service (DoS) by supplying a specially crafted file; exploitation of this issue results in a service disruption.

Recommendations: For Exiv2 version 0.27, consider disabling the printIFDStructure function as a temporary workaround until a patch is available. Restrict access to the Exiv2 library to minimize the risk of exploitation. Avoid using the Exiv2 library with untrusted files until the issue is resolved.
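The weakness described above is unbounded recursion while walking nested image-file directories (IFDs) in attacker-controlled input. The following C program is an added illustration of the defensive pattern, not Exiv2 code and not its printIFDStructure function: it models a simplified little-endian TIFF in which an Exif IFD pointer entry (tag 0x8769, type LONG) can point anywhere in the file, including back at the IFD that contains it, and walks that structure with a hard depth limit and a visited-offset check so that a cycle or an excessively deep chain is rejected instead of exhausting the stack. The TIFF byte layout used is the standard one; the limits MAX_DEPTH and MAX_IFDS, the builder helpers and the sample files are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a minimal TIFF-style IFD walker with recursion bounds.
 * Not Exiv2 code; tag/type constants follow the TIFF/Exif specification,
 * the limits below are illustrative choices. */
#define TAG_EXIF_IFD 0x8769u   /* Exif IFD pointer entry */
#define TYPE_LONG    4u        /* 32-bit unsigned offset */
#define MAX_DEPTH    8u        /* hypothetical nesting bound */
#define MAX_IFDS     64u       /* hypothetical bound on distinct IFDs */

/* Bounds-checked little-endian readers; return 0 when the read would overrun. */
static int rd16(const uint8_t *b, size_t len, size_t off, uint16_t *out) {
    if (off + 2 > len) return 0;
    *out = (uint16_t)(b[off] | (b[off + 1] << 8));
    return 1;
}
static int rd32(const uint8_t *b, size_t len, size_t off, uint32_t *out) {
    if (off + 4 > len) return 0;
    *out = (uint32_t)b[off] | ((uint32_t)b[off + 1] << 8) |
           ((uint32_t)b[off + 2] << 16) | ((uint32_t)b[off + 3] << 24);
    return 1;
}
static void wr16(uint8_t *b, size_t off, uint16_t v) { b[off] = (uint8_t)v; b[off + 1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *b, size_t off, uint32_t v) { for (int i = 0; i < 4; i++) b[off + i] = (uint8_t)(v >> (8 * i)); }

/* Recursively visits an IFD and any Exif sub-IFD it points to.
 * Returns the number of IFDs visited, or -1 when the file is truncated,
 * an offset was already visited (cycle), or the nesting exceeds MAX_DEPTH.
 * The next-IFD link at the end of each directory is not followed here. */
static int walk_ifd(const uint8_t *b, size_t len, uint32_t off, unsigned depth,
                    uint32_t *seen, unsigned *nseen) {
    if (depth > MAX_DEPTH) return -1;                 /* the bound that stops stack exhaustion */
    for (unsigned i = 0; i < *nseen; i++)
        if (seen[i] == off) return -1;                /* self-referencing / cyclic pointer */
    if (*nseen >= MAX_IFDS) return -1;
    seen[(*nseen)++] = off;

    uint16_t count;
    if (!rd16(b, len, off, &count)) return -1;
    int visited = 1;
    for (uint16_t i = 0; i < count; i++) {
        size_t e = (size_t)off + 2 + (size_t)i * 12;  /* each entry is 12 bytes */
        uint16_t tag, type; uint32_t n, val;
        if (!rd16(b, len, e, &tag) || !rd16(b, len, e + 2, &type) ||
            !rd32(b, len, e + 4, &n) || !rd32(b, len, e + 8, &val)) return -1;
        if (tag == TAG_EXIF_IFD && type == TYPE_LONG && n == 1) {
            int sub = walk_ifd(b, len, val, depth + 1, seen, nseen);
            if (sub < 0) return -1;
            visited += sub;
        }
    }
    return visited;
}

/* Entry point: validates the "II*\0" header and walks from the first IFD. */
int count_ifds(const uint8_t *b, size_t len) {
    uint32_t seen[MAX_IFDS]; unsigned nseen = 0; uint32_t first;
    if (len < 8 || memcmp(b, "II*\0", 4) != 0 || !rd32(b, len, 4, &first)) return -1;
    return walk_ifd(b, len, first, 0, seen, &nseen);
}

/* Constructs a TIFF with n IFDs nested through Exif pointers; returns its length.
 * Every IFD except the leaf is 18 bytes: count(2) + one entry(12) + next(4). */
size_t build_nested_tiff(uint8_t *out, size_t cap, unsigned n) {
    size_t need = 8 + (size_t)(n ? n - 1 : 0) * 18 + 6;
    if (n == 0 || need > cap) return 0;
    memcpy(out, "II*\0", 4);
    wr32(out, 4, 8);                                  /* first IFD right after the header */
    size_t off = 8;
    for (unsigned i = 0; i + 1 < n; i++) {
        wr16(out, off, 1);
        wr16(out, off + 2, TAG_EXIF_IFD);
        wr16(out, off + 4, TYPE_LONG);
        wr32(out, off + 6, 1);
        wr32(out, off + 10, (uint32_t)(off + 18));    /* sub-IFD immediately follows */
        wr32(out, off + 14, 0);
        off += 18;
    }
    wr16(out, off, 0);                                /* leaf IFD with no entries */
    wr32(out, off + 2, 0);
    return need;
}

/* Constructs a two-IFD file whose Exif pointer points back at IFD0 itself. */
size_t build_self_loop_tiff(uint8_t *out, size_t cap) {
    size_t len = build_nested_tiff(out, cap, 2);
    if (len) wr32(out, 18, 8);                        /* entry value field of IFD0 -> offset 8 */
    return len;
}

int demo_benign(void)    { uint8_t buf[512]; size_t len = build_nested_tiff(buf, sizeof buf, 3);  return count_ifds(buf, len); }
int demo_too_deep(void)  { uint8_t buf[512]; size_t len = build_nested_tiff(buf, sizeof buf, 20); return count_ifds(buf, len); }
int demo_self_loop(void) { uint8_t buf[512]; size_t len = build_self_loop_tiff(buf, sizeof buf); return count_ifds(buf, len); }

int main(void) {
    printf("benign 3-level file : %d IFDs\n", demo_benign());
    printf("20-level file       : %d (rejected by depth bound)\n", demo_too_deep());
    printf("self-referencing IFD: %d (rejected as a cycle)\n", demo_self_loop());
    return 0;
}
```

Either guard alone is insufficient: the visited-offset set catches a pointer that loops back to an earlier directory, while the depth bound catches a long chain of distinct directories that would otherwise grow the stack linearly with file content. Checking both, together with bounds-checked reads, keeps the walker's stack usage fixed regardless of what the input file contains.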

Tags: DoS · Uncontrolled Recursion · Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2022:1797
ALSA-2022:1842
BDU:2022-01660
CESA-2022_1797
CESA-2022_1842
CVE-2020-18898
OPENSUSE-SU-2022_3598-1
RHSA-2022:1797
RHSA-2022:1842
RHSA-2022_1797
RHSA-2022_1842
RLSA-2022:1797
RLSA-2022:1842
SUSE-SU-2022:3598-1

Affected Products

Almalinux
Centos
Debian
Exiv2
Red Hat
Rocky Linux
Suse