CVE-2018-4868Allocation of Resources Without Limits or Throttling in Exiv2

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-400Uncontrolled Resource Consumption6 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.4%
top 40.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Exiv2Debian Exiv2
Timeline
PublishedJan 3
Latest updateMay 13

Description

The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDexiv2/exiv20.26
debiandebian/exiv2

🔴Vulnerability Details

1
GHSA
GHSA-8x93-7gj9-73c3: The Exiv2::Jp2Image::readMetadata function in jp2image2022-05-13

📋Vendor Advisories

2
Red Hat
exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp2018-02-01
Debian
CVE-2018-4868: exiv2 - The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows ...2018

💬Community

2
Bugzilla
CVE-2018-4868 exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp2018-01-05
Bugzilla
CVE-2018-4868 exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp [fedora-all]2018-01-05