CVE-2018-20030 — Uncontrolled Resource Consumption in Software LLC Libexif

CWE-400 — Uncontrolled Resource Consumption CWE-20 — Improper Input Validation CWE-674 — Uncontrolled Recursion10 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 26.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libexif Project Libexif Flexera Software LLC Libexif

Timeline

PublishedFeb 20

Latest updateMay 13

Description

An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Debianlibexif_project/libexif< 0.6.21-5.1+3

▶Ubuntulibexif_project/libexif< 0.6.21-2ubuntu0.2+3

▶NVDlibexif_project/libexif0.6.21

▶CVEListV5flexera_software_llc/libexif0.6.21

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9fxq-h6qr-qghc: An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0↗2022-05-13

▶

OSV

libexif vulnerabilities↗2020-05-13

▶

OSV

CVE-2018-20030: An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0↗2019-02-20

▶

CVEList

CVE-2018-20030: An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0↗2019-02-20

▶

📋Vendor Advisories

Ubuntu

libexif vulnerabilities↗2020-05-13

▶

Red Hat

libexif: Input validation issue resulting in a denial of service↗2018-12-20

▶

Debian

CVE-2018-20030: libexif - An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags wi...↗2018

▶

💬Community

Bugzilla

CVE-2018-20030 libexif: Input validation issue resulting in a denial of service↗2019-01-07

▶

Bugzilla

CVE-2018-20030 libexif: Input validation issue resulting in a denial of service [fedora-all]↗2019-01-07

▶