CVE-2018-8976
exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.
En Exiv2 0.26, jpgimage.cpp permite que atacantes remotos provoquen una denegación de servicio (lectura fuera de límites de Exiv2::Internal::stringFormat en image.cpp) mediante un archivo manipulado.
An update that fixes 15 vulnerabilities is now available. This update for exiv2 fixes the following issues. Fixed denial of service due to infinite loop in Image:printIFDStructure. Fixed out-of-bounds read in XmpTextValue:read. Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header. Fixed out-of-bounds read in Exiv2:Jp2Image:printStructure. Fixed denial of service inside inefficient algorithm. Fixed integer overflow in CrwMap:encode0x1810. Fixed heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service. Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header. Fixed uncontrolled memory allocation. Fixed remote denial of service in printIFDStructure function. Fixed remote denial of service in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp. Fixed remote denial of service in image.cpp Exiv2::Internal::stringFormat via out-of-bounds read. Fixed segmentation fault caused by uncontrolled recursion inthe Exiv2::Image::printIFDStructure. Fixed an infinite loop in the Exiv2:Image:printIFDStructure function. Fixed segmentation fault when the function Exiv2::tEXtToDataBuf is finished.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-03-24 CVE Reserved
- 2018-03-25 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/Exiv2/exiv2/issues/246 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:2101 | 2023-01-13 | |
| https://security.gentoo.org/glsa/201811-14 | 2023-01-13 | |
| https://access.redhat.com/security/cve/CVE-2018-8976 | 2019-08-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1561213 | 2019-08-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Exiv2 Search vendor "Exiv2" | Exiv2 Search vendor "Exiv2" for product "Exiv2" | 0.26 Search vendor "Exiv2" for product "Exiv2" and version "0.26" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||