CVE-2020-18831 — Out-of-bounds Write in Exiv2

CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.8%

top 25.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2

Timeline

PublishedAug 22

Description

Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/exiv2< exiv2 0.27.2-6 (bookworm)

▶Debianexiv2/exiv2< 0.27.2-6+3

▶NVDexiv2/exiv20.27.1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

CVE-2020-18831: Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage↗2023-08-22

▶

GHSA

GHSA-xwp4-phw7-5mfh: Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage↗2023-08-22

▶

OSV

CVE-2020-18831: Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage↗2023-08-22

▶

📋Vendor Advisories

Debian

CVE-2020-18831: exiv2 - Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2...↗2020

▶