CVE-2018-5772

Published: 18/01/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.

Vulnerable Product

exiv2 exiv2 0.26

Vendor Advisories

Debian Bug report logs - #888862 exiv2: CVE-2018-5772. Package: src:exiv2; Maintainer for src:exiv2 is Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 30 Jan 2018 19:27:02 UTC; Severity: grave; Tags: security, upstream; Found in version ex ...
An unbounded recursion flaw was found in the way Exiv2 handled certain image files. An attacker could potentially use this flaw to crash the exiv2 CLI utility program by tricking it into processing crafted input files ...