cbcvebase.
CVE-2018-20030
published 2019-02-20

CVE-2018-20030: An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.

high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.

Affected

11 ranges
VendorProductVersion rangeFixed in
debianlibexif< libexif 0.6.21-5.1 (bookworm)libexif 0.6.21-5.1 (bookworm)
flexera_software_llclibexif
libexif_projectlibexif
libexif_projectlibexif>= 0 < 0.6.21-5.10.6.21-5.1
libexif_projectlibexif>= 0 < 0.6.21-5.10.6.21-5.1
libexif_projectlibexif>= 0 < 0.6.21-5.10.6.21-5.1
libexif_projectlibexif>= 0 < 0.6.21-5.10.6.21-5.1
libexif_projectlibexif>= 0 < 0.6.21-2ubuntu0.20.6.21-2ubuntu0.2
libexif_projectlibexif>= 0 < 0.6.21-4ubuntu0.20.6.21-4ubuntu0.2
libexif_projectlibexif>= 0 < 0.6.21-6ubuntu0.10.6.21-6ubuntu0.1
libexif_projectlibexif>= 0 < 0.6.21-1ubuntu1+esm20.6.21-1ubuntu1+esm2

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH