PT-2021-6703 · Exiv2+3 · Exiv2+3

Wcventure · Published 2021-08-19 · Updated 2026-03-18 · CVE-2020-18899

CVSS v2.0

7.1 High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Exiv2 version 0.27

Description

The issue is related to an uncontrolled memory allocation in the DataBuf data(subBox.length-sizeof(box)) function of the Exiv2 library, which can be exploited by a remote attacker to cause a denial of service (DoS) via a crafted input.

Recommendations

For Exiv2 version 0.27, consider disabling the DataBuf data(subBox.length-sizeof(box)) function as a temporary workaround until a patch is available. Restrict access to the Exiv2 library to minimize the risk of exploitation. Avoid using crafted inputs that could trigger the uncontrolled memory allocation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
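
The allocation size in the description is computed from a length field read from the input. The following is an added example, not Exiv2 code and not the project's fix: it shows that unchecked subtraction beside a bounded version. The BoxHeader layout (4-byte big-endian length, 4-byte type) and all function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>
// Hypothetical box header (assumption): 4-byte big-endian length, 4-byte type.
struct BoxHeader {
    uint32_t length;  // total box size claimed by the input, header included
    uint32_t type;
};

static uint32_t readBE32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}

// Unchecked pattern: a length below sizeof(BoxHeader) wraps to nearly 4 GiB.
uint32_t uncheckedPayloadSize(const BoxHeader& box) {
    return box.length - static_cast<uint32_t>(sizeof(BoxHeader));
}

// Hardened: reject lengths that underflow or exceed the bytes actually present.
bool checkedPayloadSize(const BoxHeader& box, size_t bytesAfterHeader, size_t* out) {
    if (box.length < sizeof(BoxHeader)) return false;
    size_t payload = box.length - sizeof(BoxHeader);
    if (payload > bytesAfterHeader) return false;
    *out = payload;
    return true;
}

// Parse the box at `offset` and copy its payload; false on malformed input.
bool readBoxPayload(const std::vector<uint8_t>& in, size_t offset, std::vector<uint8_t>& out) {
    if (offset > in.size() || in.size() - offset < sizeof(BoxHeader)) return false;
    BoxHeader box;
    box.length = readBE32(&in[offset]);
    box.type = readBE32(&in[offset + 4]);
    size_t start = offset + sizeof(BoxHeader);
    size_t n = 0;
    if (!checkedPayloadSize(box, in.size() - start, &n)) return false;
    out.assign(in.begin() + start, in.begin() + start + n);
    return true;
}

int main() {
    // Constructed input: header claims length 4, smaller than the 8-byte header.
    const uint8_t raw[] = {0, 0, 0, 4, 'a', 'b', 'c', 'd'};
    std::vector<uint8_t> in(raw, raw + sizeof(raw)), payload;
    BoxHeader box; box.length = 4; box.type = 0;
    std::printf("unchecked size: %u\n", uncheckedPayloadSize(box));
    std::printf("checked parse accepted: %d\n", readBoxPayload(in, 0, payload) ? 1 : 0);
}
```

Bounding the size by the bytes remaining in the input means a crafted length field can never request more memory than the file itself occupies.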

Exploit

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2022-02060
CVE-2020-18899
OPENSUSE-SU-2022_3598-1
PYSEC-2021-879
SUSE-SU-2022:3598-1
USN-8103-1

Affected Products

Exiv2
Linuxmint
Suse
Ubuntu