4.3
CVSSv2

CVE-2018-20098

Published: 12/12/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

Vulnerability Trend

Affected Products

Vendor Product Versions
Exiv2Exiv20.27

Vendor Advisories

There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2imagecpp in Exiv2 027-RC3 A crafted input will lead to a remote denial of service attack ...
Synopsis Low: exiv2 security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update for exiv2 is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base sc ...
An integer underflow, leading to heap-based out-of-bound read, was found in the way Exiv2 library prints IPTC Photo Metadata embedded in an image By persuading a victim to open a crafted image, a remote attacker could crash the application or possibly retrieve a portion of memory(CVE-2017-17724 ) The tEXtToDataBuf function in pngimagecpp in Exiv ...