PT-2019-6193 · Exiv2+1

92Wyunchao

Published: 2019-08-23 · Updated: 2023-12-22 · CVE-2020-18773

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Exiv2 version 0.27.99.0

Description

The issue is an invalid memory access in the decode function of the iptc.cpp component of the Exiv2 library, which can lead to a buffer overflow. A remote attacker can use a specially crafted tif file to cause a denial of service (DoS).

Recommendations

For Exiv2 version 0.27.99.0, consider disabling the decode function in iptc.cpp as a temporary workaround to prevent exploitation until a patch is available. Restrict access to the iptc.cpp component to minimize the risk of denial-of-service attacks. Avoid using the affected Exiv2 library with untrusted tif files until the issue is resolved.

Exploit

Fix

DoS

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2022-02063
CVE-2020-18773

Affected Products

Debian
Exiv2