CVE-2020-18774 — Divide By Zero in Exiv2

CWE-369 — Divide By Zero5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 72.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2

Timeline

PublishedAug 23

Latest updateMay 24

Description

A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDexiv2/exiv20.27.99.0

▶debiandebian/exiv2

🔴Vulnerability Details

GHSA

GHSA-wqqc-qm65-p7r6: A float point exception in the printLong function in tags_int↗2022-05-24

▶

OSV

CVE-2020-18774: A float point exception in the printLong function in tags_int↗2021-08-23

▶

📋Vendor Advisories

Debian

CVE-2020-18774: exiv2 - A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27....↗2020

▶

Red Hat

exiv2: float point exception in the printLong function in tags_int.cpp via a crafted tif file↗2019-03-25

▶