CVE-2018-10998: Uncontrolled Resource Consumption in Exiv2

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.9% (top 24.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 12; Latest update May 13

Description

An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (7 packages)

debian: debian/exiv2 < exiv2 0.25-4 (bookworm)
Debian: exiv2/exiv2 < 0.25-4+3
Ubuntu: exiv2/exiv2 < 0.23-1ubuntu2.1+2
NVD: exiv2/exiv2 0.26

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04

🔴 Vulnerability Details (3)

GHSA: GHSA-gpv8-gxcp-m9x5: An issue was discovered in Exiv2 0 (2022-05-13)
OSV: exiv2 vulnerabilities (2018-07-03)
OSV: CVE-2018-10998: An issue was discovered in Exiv2 0 (2018-05-12)

📋 Vendor Advisories (3)

Ubuntu: Exiv2 vulnerabilities (2018-07-03)
Red Hat: exiv2: SIGABRT by triggering an incorrect Safe::add call (2018-05-09)
Debian: CVE-2018-10998: exiv2 - An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remot... (2018)

💬 Community (5)

Bugzilla: CVE-2018-10998 exiv2: SIGABRT by triggering an incorrect Safe::add call (2018-05-17)
Bugzilla: CVE-2018-10998 CVE-2018-10999 CVE-2018-11037 exiv2: various flaws [fedora-all] (2018-05-17)
Bugzilla: CVE-2018-7712 opencv: assertion failure in validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp (2018-03-08)
Bugzilla: CVE-2018-7714 opencv: assertion failure in validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp (2018-03-08)
Bugzilla: CVE-2018-7713 opencv: assertion failure in validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp (2018-03-08)

CVE-2018-10998 — Uncontrolled Resource Consumption | cvebase