Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-20099

Опубликовано: 10 дек. 2018
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

Отчет

This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6exiv2Not affected
Red Hat Enterprise Linux 7exiv2FixedRHSA-2019:210106.08.2019
Red Hat Enterprise Linux 8exiv2FixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8geglFixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8gnome-color-managerFixedRHSA-2020:157728.04.2020
Red Hat Enterprise Linux 8libgexiv2FixedRHSA-2020:157728.04.2020

Показывать по

Дополнительная информация

Статус:

Low
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1660426exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service

EPSS

Процентиль: 63%
0.00468
Низкий

3.3 Low

CVSS3

Связанные уязвимости

CVSS3: 6.5
ubuntu
больше 6 лет назад

There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVSS3: 6.5
nvd
больше 6 лет назад

There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVSS3: 6.5
debian
больше 6 лет назад

There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2im ...

CVSS3: 6.5
github
около 3 лет назад

There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

suse-cvrf
больше 2 лет назад

Security update for exiv2

EPSS

Процентиль: 63%
0.00468
Низкий

3.3 Low

CVSS3