CVE-2018-8976

Опубликовано: 25 мар. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.

Ссылки

https://access.redhat.com/errata/RHSA-2019:2101
Third Party Advisory
https://github.com/Exiv2/exiv2/issues/246
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201811-14
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2101
Third Party Advisory
https://github.com/Exiv2/exiv2/issues/246
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201811-14
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:exiv2:exiv2:0.26:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00298

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2018-8976

CVSS3: 6.5

ubuntu

больше 7 лет назад

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.

CVE-2018-8976

CVSS3: 3.3

redhat

больше 7 лет назад

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.

CVE-2018-8976

CVSS3: 6.5

debian

больше 7 лет назад

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...

GHSA-64gf-9xgm-rfrx

CVSS3: 6.5

github

около 3 лет назад

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.

BDU:2023-01651

CVSS3: 5.3

fstec

больше 7 лет назад

Уязвимость компонента jpgimage.cpp библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 53%

0.00298

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125