Fluid Attacks Database

Description

A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	exiv2	=0.28.5+dfsg-1 \|\| =0.28.7+dfsg-1 \|\| =0.28.7+dfsg-2 \|\| =0.28.8+dfsg-1	-
debian 11	exiv2	=0.27.3-3 \|\| =0.27.3-3+deb11u1 \|\| =0.27.3-3+deb11u2 \|\| =0.27.3-3.1 \|\| =0.27.5-1 \|\| =0.27.5-2 \|\| =0.27.5-3 \|\| =0.27.5-4 \|\| =0.27.6-1 \|\| =0.28.0+dfsg-1 \|\| =0.28.0+dfsg-2 \|\| =0.28.0+dfsg-3 \|\| =0.28.0+dfsg-4 \|\| =0.28.1+dfsg-1 \|\| =0.28.1+dfsg-2 \|\| =0.28.1+dfsg-3 \|\| =0.28.2+dfsg-1 \|\| =0.28.3+dfsg-1 \|\| =0.28.3+dfsg-2 \|\| =0.28.4+dfsg-1 \|\| =0.28.4+dfsg-2 \|\| =0.28.5+dfsg-1 \|\| =0.28.7+dfsg-1 \|\| =0.28.7+dfsg-2 \|\| =0.28.8+dfsg-1	-
debian 12	exiv2	=0.27.6-1 \|\| =0.28.0+dfsg-1 \|\| =0.28.0+dfsg-2 \|\| =0.28.0+dfsg-3 \|\| =0.28.0+dfsg-4 \|\| =0.28.1+dfsg-1 \|\| =0.28.1+dfsg-2 \|\| =0.28.1+dfsg-3 \|\| =0.28.2+dfsg-1 \|\| =0.28.3+dfsg-1 \|\| =0.28.3+dfsg-2 \|\| =0.28.4+dfsg-1 \|\| =0.28.4+dfsg-2 \|\| =0.28.5+dfsg-1 \|\| =0.28.7+dfsg-1 \|\| =0.28.7+dfsg-2 \|\| =0.28.8+dfsg-1	-
debian 13	exiv2	=0.28.5+dfsg-1 \|\| =0.28.7+dfsg-1 \|\| =0.28.7+dfsg-2 \|\| =0.28.8+dfsg-1	-
rpm rhel7	compat-exiv2-023	-	-
rpm rhel7	compat-exiv2-026	-	-
rpm rhel6	exiv2	-	-
rpm rhel7	exiv2	-	-
rpm rhel8	exiv2	<0:0.27.5-2.el8	0:0.27.5-2.el8
rpm rhel8	compat-exiv2-026	<0:0.26-7.el8	0:0.26-7.el8

Aliases

1. CVE-2020-188982. NVD-2020-188983. OSV-DEBIAN-2020-188984. OSV-2020-188985. SECURITY-TRACKER-CVE-2020-18898

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.