CVE-2020-18773 — Out-of-bounds Write in Exiv2

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 72.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2

Timeline

PublishedAug 23

Latest updateMay 24

Description

An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDexiv2/exiv20.27.99.0

▶debiandebian/exiv2

🔴Vulnerability Details

GHSA

GHSA-v3cf-r46q-8rgm: An invalid memory access in the decode function in iptc↗2022-05-24

▶

OSV

CVE-2020-18773: An invalid memory access in the decode function in iptc↗2021-08-23

▶

CVEList

CVE-2020-18773: An invalid memory access in the decode function in iptc↗2021-08-23

▶

📋Vendor Advisories

Debian

CVE-2020-18773: exiv2 - An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 a...↗2020

▶

Red Hat

exiv2: invalid memory access in the decode function in iptc.cpp via a crafted tif file↗2019-03-25

▶