CVE-2020-18898

Un problema de agotamiento de pila en la función printIFDStructure de Exiv2 versión 0.27, permite a atacantes remotos causar una denegación de servicio (DOS) por medio de un archivo diseñado.

The exiv2 program is susceptible to a stack exhaustion issue via a crafted file. The cause of this vulnerability, is due to a flaw in the code which could allow remote attackers to cause a denial of service (DOS). The highest threat from this vulnerability is availability.

An update that fixes 15 vulnerabilities is now available. This update for exiv2 fixes the following issues. Fixed denial of service due to infinite loop in Image:printIFDStructure. Fixed out-of-bounds read in XmpTextValue:read. Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header. Fixed out-of-bounds read in Exiv2:Jp2Image:printStructure. Fixed denial of service inside inefficient algorithm. Fixed integer overflow in CrwMap:encode0x1810. Fixed heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service. Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header. Fixed uncontrolled memory allocation. Fixed remote denial of service in printIFDStructure function. Fixed remote denial of service in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp. Fixed remote denial of service in image.cpp Exiv2::Internal::stringFormat via out-of-bounds read. Fixed segmentation fault caused by uncontrolled recursion inthe Exiv2::Image::printIFDStructure. Fixed an infinite loop in the Exiv2:Image:printIFDStructure function. Fixed segmentation fault when the function Exiv2::tEXtToDataBuf is finished.