Global Buffer Over-Read Vulnerability in Exiv2 Product by Exiv2
CVE-2020-18771

8.1HIGH

Key Information:

Vendor

Exiv2

Status
Exiv2
Vendor
CVE Published:
23 August 2021

What is CVE-2020-18771?

Exiv2 version 0.27.99.0 is susceptible to a global buffer over-read issue within the Exiv2::Internal::Nikon1MakerNote::print0x0088 function. This vulnerability allows for potential information leakage, posing a risk to the integrity of sensitive data. Users are encouraged to update to the latest version to mitigate this issue. Further details can be found in the references, including reports from Debian and Gentoo about security updates and advisories.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/Exiv2/exiv2/issues/756
https://cwe.mitre.org/data/definitions/126.html
https://lists.debian.org/debian-lts-announce/2023/01/msg0...
mailing-list

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.