Описание
The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.29.0 (включая)
cpe:2.3:a:signal:signal:*:*:*:*:*:iphone_os:*:*
EPSS
Процентиль: 53%
0.00296
Низкий
8.6 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-400
Связанные уязвимости
CVSS3: 8.6
github
больше 3 лет назад
The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device.
EPSS
Процентиль: 53%
0.00296
Низкий
8.6 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-400