Published: 25/03/2018 Updated: 06/08/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote malicious users to cause a denial of service (invalid memory access) via a crafted file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
exiv2 exiv2 0.26

Synopsis Low: exiv2 security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update for exiv2 is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base sc ...

Debian Bug report logs - #894179 exiv2: CVE-2018-8977 Package: src:exiv2; Maintainer for src:exiv2 is Debian KDE Extras Team <pkg-kde-extras@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 27 Mar 2018 04:15:02 UTC Severity: grave Tags: fixed-upstream, security, upstream Fou ...

An integer underflow, leading to heap-based out-of-bound read, was found in the way Exiv2 library prints IPTC Photo Metadata embedded in an image By persuading a victim to open a crafted image, a remote attacker could crash the application or possibly retrieve a portion of memory(CVE-2017-17724) The tEXtToDataBuf function in pngimagecpp in Exiv2 ...

In Exiv2 026, the Exiv2::Internal::printCsLensFFFF function in canonmn_intcpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file ...

CWE-119 https://github.com/Exiv2/exiv2/issues/247 https://security.gentoo.org/glsa/201811-14 https://access.redhat.com/errata/RHSA-2019:2101 https://access.redhat.com/errata/RHSA-2019:2101 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2019-1339.html

CVE-2018-8977

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect