Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-20097

Опубликовано: 10 дек. 2018
Источник: redhat
CVSS3: 3.3

Описание

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

Отчет

This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6exiv2Not affected
Red Hat Enterprise Linux 7exiv2FixedRHSA-2019:210106.08.2019
Red Hat Enterprise Linux 8exiv2FixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8geglFixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8gnome-color-managerFixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8libgexiv2FixedRHSA-2020:157728.04.2020

Показывать по

Дополнительная информация

Статус:

Low
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1660424exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function

3.3 Low

CVSS3

Связанные уязвимости

CVSS3: 6.5
ubuntu
больше 6 лет назад

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVSS3: 6.5
nvd
больше 6 лет назад

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVSS3: 6.5
debian
больше 6 лет назад

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroup ...

CVSS3: 6.5
github
около 3 лет назад

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVSS3: 5.3
fstec
больше 6 лет назад

Уязвимость компонента tiffimage_int.cpp библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю вызвать отказ в обслуживании

3.3 Low

CVSS3