CVE-2018-9303Reachable Assertion in Exiv2

CWE-617Reachable Assertion6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 37.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Exiv2Debian Exiv2
Timeline
PublishedApr 4
Latest updateMay 13

Description

In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDexiv2/exiv2< 0.26
debiandebian/exiv2

🔴Vulnerability Details

1
GHSA
GHSA-78r6-w4c8-vpmp: In Exiv2 02022-05-13

📋Vendor Advisories

2
Red Hat
exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp2018-04-04
Debian
CVE-2018-9303: exiv2 - In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cp...2018

💬Community

2
Bugzilla
CVE-2018-9303 CVE-2018-9304 CVE-2018-9305 CVE-2018-9306 exiv2: various flaws [fedora-all]2018-04-12
Bugzilla
CVE-2018-9303 exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp2018-04-12