CVE-2018-5772 — Uncontrolled Recursion in Exiv2

CWE-674 — Uncontrolled Recursion6 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 37.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2

Timeline

PublishedJan 18

Latest updateMay 13

Description

In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDexiv2/exiv20.26

▶debiandebian/exiv2

🔴Vulnerability Details

GHSA

GHSA-5fh8-wc7h-jjmx: In Exiv2 0↗2022-05-13

▶

📋Vendor Advisories

Red Hat

exiv2: Uncontrolled recursion in image.cpp:Exiv2::Image::printIFDStructure() can allow a remote attacker to cause a denial of service via a crafted tif file↗2018-01-18

▶

Debian

CVE-2018-5772: exiv2 - In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in...↗2018

▶

💬Community

Bugzilla

CVE-2018-5772 exiv2: Uncontrolled recursion in image.cpp:Exiv2::Image::printIFDStructure() can allow a remote attacker to cause a denial of service via a crafted tif file [fedora-all]↗2018-01-22

▶

Bugzilla

CVE-2018-5772 exiv2: Uncontrolled recursion in image.cpp:Exiv2::Image::printIFDStructure() can allow a remote attacker to cause a denial of service via a crafted tif file↗2018-01-22

▶