CVE-2020-18898
exiv2: stack exhaustion issue in the printIFDStructure function may lead to DoS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.
Un problema de agotamiento de pila en la función printIFDStructure de Exiv2 versión 0.27, permite a atacantes remotos causar una denegación de servicio (DOS) por medio de un archivo diseñado.
The exiv2 program is susceptible to a stack exhaustion issue via a crafted file. The cause of this vulnerability, is due to a flaw in the code which could allow remote attackers to cause a denial of service (DOS). The highest threat from this vulnerability is availability.
Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Issues addressed include a denial of service vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-08-13 CVE Reserved
- 2021-08-19 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-674: Uncontrolled Recursion
- CWE-787: Out-of-bounds Write
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://cwe.mitre.org/data/definitions/674.html | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/Exiv2/exiv2/issues/741 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2020-18898 | 2022-05-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2002678 | 2022-05-10 |