Heap-Based Buffer Overflow in Exiv2 Affects Multiple Linux Distributions
CVE-2018-11531
9.8 CRITICAL
What is CVE-2018-11531?
Exiv2 version 0.26 is susceptible to a heap-based buffer overflow in the 'getData' function, located in preview.cpp. Crafted input that triggers the overflow can allow an attacker to execute arbitrary code. The issue impacts multiple Linux distributions, making it critical for users to apply patches or updates that mitigate the risk. Security advisories from various Linux distributions, including Ubuntu, Debian, and Gentoo, recommend immediate attention to this flaw.