-
Notifications
You must be signed in to change notification settings - Fork 53
/
PYSEC-2018-117.yaml
54 lines (54 loc) · 1.3 KB
/
PYSEC-2018-117.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
id: PYSEC-2018-117
details: There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function
of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial
of service attack.
aliases:
- CVE-2018-20096
modified: '2024-01-02T15:20:59.143416Z'
published: '2018-12-12T10:29:00Z'
references:
- type: EVIDENCE
url: https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
- type: WEB
url: https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
- type: REPORT
url: https://github.com/Exiv2/exiv2/issues/590
- type: EVIDENCE
url: https://github.com/Exiv2/exiv2/issues/590
- type: FIX
url: https://github.com/Exiv2/exiv2/issues/590
- type: ADVISORY
url: https://access.redhat.com/errata/RHSA-2019:2101
- type: WEB
url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/
affected:
- package:
name: exiv2
ecosystem: PyPI
purl: pkg:pypi/exiv2
ranges:
- type: ECOSYSTEM
events:
- introduced: '0'
versions:
- '0.1'
- 0.11.0
- 0.11.1
- 0.11.2
- 0.11.3
- 0.12.0
- 0.12.1
- 0.13.0
- 0.13.1
- 0.13.2
- 0.14.0
- 0.14.1
- '0.2'
- '0.3'
- 0.3.1
- 0.15.0
- 0.16.0
- 0.16.1
severity:
- type: CVSS_V3
score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H