Global Buffer Over-Read Vulnerability in Exiv2 Product by Exiv2
CVE-2020-18771

8.1 HIGH

Key Information:

Vendor: Exiv2

Status
Vendor
CVE Published: 23 August 2021

What is CVE-2020-18771?

Exiv2 version 0.27.99.0 is susceptible to a global buffer over-read in the Exiv2::Internal::Nikon1MakerNote::print0x0088 function. The over-read can leak information, posing a risk to the confidentiality of sensitive data. Users are encouraged to update to the latest version to mitigate this issue. Further details can be found in the references, including reports from Debian and Gentoo about security updates and advisories.

References

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
