Heap-based Buffer Over-read in Exiv2 Affects Image Processing Capabilities
CVE-2018-14046

8.8HIGH

Key Information:

Vendor

Exiv2

Status
Exiv2
Vendor
CVE Published:
13 July 2018

What is CVE-2018-14046?

Exiv2 version 0.26 contains a vulnerability that allows for heap-based buffer over-reads, specifically within the WebPImage::decodeChunks function located in webpimage.cpp. This vulnerability can potentially lead to information disclosure and may allow attackers to access sensitive data. It is crucial for users of Exiv2 to review their systems for this issue and apply any necessary patches or updates to ensure their image processing capabilities remain secure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/Exiv2/exiv2/issues/378
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:2101
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.