AVG-2494 log
| Package | exiv2 |
| Status | Not affected |
| Severity | Low |
| Type | denial of service |
| Affected | 0.27.5-1 |
| Fixed | Not affected |
| Current | 0.28.3-1 [extra] |
| Ticket | None |
| Created | Mon Oct 25 14:16:45 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-18898 | Low | Yes | Denial of service | A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. |
| CVE-2020-18774 | Low | Yes | Denial of service | A float point exception in the printLong function in tags_int.cpp of Exiv2 allows attackers to cause a denial of service (DoS) via a crafted TIF file. |
| CVE-2020-18773 | Low | Yes | Denial of service | An invalid memory access in the decode function in iptc.cpp of Exiv2 allows attackers to cause a denial of service (DoS) via a crafted TIF file. |
| Notes |
|---|
These issues were not reproducible by upstream, or in case of CVE-2020-18898 not considered a security issue. |