CVE-2018-19607

Опубликовано: 27 нояб. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
https://access.redhat.com/errata/RHSA-2019:2101
https://github.com/Exiv2/exiv2/issues/561
Exploit
Issue Tracking
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
https://access.redhat.com/errata/RHSA-2019:2101
https://github.com/Exiv2/exiv2/issues/561
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:exiv2:exiv2:0.27:rc2:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00638

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2018-19607

CVSS3: 6.5

ubuntu

около 7 лет назад

Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

CVE-2018-19607

CVSS3: 3.3

redhat

около 7 лет назад

Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

CVE-2018-19607

CVSS3: 6.5

debian

около 7 лет назад

Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote att ...

GHSA-xpv8-33xp-mjf2

CVSS3: 6.5

github

больше 3 лет назад

Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

openSUSE-SU-2020:0482-1

suse-cvrf

больше 5 лет назад

Security update for exiv2

EPSS

Процентиль: 70%

0.00638

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476