CVE-2018-12264

Опубликовано: 13 июн. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
https://access.redhat.com/errata/RHSA-2019:2101
https://github.com/Exiv2/exiv2/issues/366
Exploit
Third Party Advisory
https://github.com/TeamSeri0us/pocs/blob/master/exiv2/2-out-of-read-Poc
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html
Third Party Advisory
https://security.gentoo.org/glsa/201811-14
Third Party Advisory
https://usn.ubuntu.com/3700-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4238
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
https://access.redhat.com/errata/RHSA-2019:2101
https://github.com/Exiv2/exiv2/issues/366
Exploit
Third Party Advisory
https://github.com/TeamSeri0us/pocs/blob/master/exiv2/2-out-of-read-Poc
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html
Third Party Advisory
https://security.gentoo.org/glsa/201811-14
Third Party Advisory
https://usn.ubuntu.com/3700-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4238
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:exiv2:exiv2:0.26:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 74%

0.00882

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2018-12264

CVSS3: 8.8

ubuntu

около 7 лет назад

Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.

CVE-2018-12264

CVSS3: 3.3

redhat

около 7 лет назад

Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.

CVE-2018-12264

CVSS3: 8.8

debian

около 7 лет назад

Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.c ...

GHSA-hpvf-p5h7-gvf4

CVSS3: 8.8

github

около 3 лет назад

Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.

BDU:2019-04248

CVSS3: 8.8

fstec

около 7 лет назад

Уязвимость функции LoaderTiff::getData() библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 74%

0.00882

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125