Out-of-Bounds Read in Exiv2 Affects Multiple Versions
CVE-2018-9144

8.1HIGH

Key Information:

Vendor

Exiv2

Status
Exiv2
Vendor
CVE Published:
30 March 2018

What is CVE-2018-9144?

In Exiv2 version 0.26, there exists a vulnerability characterized by an out-of-bounds read in the Exiv2::Internal::binaryToString function within image.cpp. This issue may lead to potential denial of service or unauthorized information disclosure, posing a risk to system integrity and confidentiality.

References

https://github.com/Exiv2/exiv2/issues/254
x_refsource_MISC
https://github.com/xiaoqx/pocs/tree/master/exiv2
x_refsource_MISC
https://security.gentoo.org/glsa/201811-14
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.