Fluid Attacks Database

Description

An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	exiv2	=0.27.3-3 \|\| =0.27.3-3+deb11u1 \|\| =0.27.3-3+deb11u2 \|\| =0.27.3-3.1 \|\| =0.27.5-1 \|\| =0.27.5-2 \|\| =0.27.5-3 \|\| =0.27.5-4 \|\| =0.27.6-1 \|\| =0.28.0+dfsg-1 \|\| =0.28.0+dfsg-2 \|\| =0.28.0+dfsg-3 \|\| =0.28.0+dfsg-4 \|\| =0.28.1+dfsg-1 \|\| =0.28.1+dfsg-2 \|\| =0.28.1+dfsg-3 \|\| =0.28.2+dfsg-1 \|\| =0.28.3+dfsg-1 \|\| =0.28.3+dfsg-2 \|\| =0.28.4+dfsg-1 \|\| =0.28.4+dfsg-2 \|\| =0.28.5+dfsg-1 \|\| =0.28.7+dfsg-1 \|\| =0.28.7+dfsg-2 \|\| =0.28.8+dfsg-1
debian 14	exiv2	=0.28.5+dfsg-1 \|\| =0.28.7+dfsg-1 \|\| =0.28.7+dfsg-2 \|\| =0.28.8+dfsg-1
debian 12	exiv2	=0.27.6-1 \|\| =0.28.0+dfsg-1 \|\| =0.28.0+dfsg-2 \|\| =0.28.0+dfsg-3 \|\| =0.28.0+dfsg-4 \|\| =0.28.1+dfsg-1 \|\| =0.28.1+dfsg-2 \|\| =0.28.1+dfsg-3 \|\| =0.28.2+dfsg-1 \|\| =0.28.3+dfsg-1 \|\| =0.28.3+dfsg-2 \|\| =0.28.4+dfsg-1 \|\| =0.28.4+dfsg-2 \|\| =0.28.5+dfsg-1 \|\| =0.28.7+dfsg-1 \|\| =0.28.7+dfsg-2 \|\| =0.28.8+dfsg-1
debian 13	exiv2	=0.28.5+dfsg-1 \|\| =0.28.7+dfsg-1 \|\| =0.28.7+dfsg-2 \|\| =0.28.8+dfsg-1

Aliases

1. CVE-2020-187732. NVD-2020-187733. OSV-DEBIAN-2020-187734. OSV-2020-187735. SECURITY-TRACKER-CVE-2020-18773

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.