Out-of-Bounds Read Vulnerability in Exiv2 Product
CVE-2018-9305

8.1HIGH

Key Information:

Vendor

Exiv2

Status
Exiv2
Vendor
CVE Published:
4 April 2018

What is CVE-2018-9305?

The Exiv2 library, specifically version 0.26, contains an out-of-bounds read vulnerability in the IptcData::printStructure function within iptc.c. This flaw can potentially lead to application crashes or disclosure of sensitive information, particularly when the input meets specific conditions associated with the '== 0x1c' case. It is crucial for users and developers to address this vulnerability to maintain the integrity and security of their software.

References

https://github.com/Exiv2/exiv2/issues/263
x_refsource_MISC
https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md
x_refsource_MISC
https://security.gentoo.org/glsa/201811-14
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.