Heap-based Buffer Over-read in Exiv2 Affects Image Processing Capabilities
CVE-2018-14046

8.8 HIGH

Key Information:

Vendor: Exiv2
CVE Published: 13 July 2018

What is CVE-2018-14046?

Exiv2 version 0.26 contains a heap-based buffer over-read in the WebPImage::decodeChunks function in webpimage.cpp. The over-read can lead to information disclosure and may allow attackers to access sensitive data. Users of Exiv2 should check their systems for this issue and apply any necessary patches or updates so that their image processing remains secure.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
