exploitDog

CVE-2020-18771

Published: 25 Mar 2019
Source: redhat
CVSS3: 3.5

Description

Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.

Report

Red Hat Product Security has determined the Impact to this bug as low for the following reasons:

  • The attacker needs access to the system to trigger the bug as exiv2 is a library accompanied by a command line utility.
  • While it is possible to crash exiv2 with a malicious payload, there is no known exploit to be able to run arbitrary code or escalate privileges. This only creates an availability problem.
  • The bug does not affect any other resources in terms of integrity, confidentiality or availability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| Red Hat Enterprise Linux 6 | exiv2 | Out of support scope | | |
| Red Hat Enterprise Linux 7 | compat-exiv2-023 | Out of support scope | | |
| Red Hat Enterprise Linux 7 | compat-exiv2-026 | Out of support scope | | |
| Red Hat Enterprise Linux 7 | exiv2 | Out of support scope | | |
| Red Hat Enterprise Linux 8 | compat-exiv2-026 | Will not fix | | |
| Red Hat Enterprise Linux 8 | exiv2 | Fix deferred | | |
| Red Hat Enterprise Linux 9 | exiv2 | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-119
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1997745
exiv2: buffer overflow in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp

Related vulnerabilities

CVSS3: 8.1
ubuntu
more than 4 years ago

Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.

CVSS3: 8.1
nvd
more than 4 years ago

Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.

CVSS3: 8.1
debian
more than 4 years ago

Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Niko ...

CVSS3: 8.1
github
more than 3 years ago

Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.

CVSS3: 8.1
fstec
almost 7 years ago

A vulnerability in the Exiv2::Internal::Nikon1MakerNote::print0x0088 function of the nikonmn_int.cpp component of the Exiv2 media file metadata management library that allows an attacker to gain access to confidential data and to cause a denial of service
