Fluid Attacks Database

Description

An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	exiv2	>=0 <0.27.2-6	0.27.2-6
debian 11	exiv2	>=0 <0.27.2-6	0.27.2-6
debian 12	exiv2	>=0 <0.27.2-6	0.27.2-6
pypi	exiv2	=0.1 \|\| =0.11.0 \|\| =0.11.1 \|\| =0.11.2 \|\| =0.11.3 \|\| =0.12.0 \|\| =0.12.1 \|\| =0.13.0 \|\| =0.13.1 \|\| =0.13.2 \|\| =0.14.0 \|\| =0.14.1 \|\| =0.15.0 \|\| =0.16.0 \|\| =0.16.1 \|\| =0.16.2 \|\| =0.16.2.post1 \|\| =0.16.3 \|\| =0.16.3.post1 \|\| =0.17.0 \|\| =0.17.1 \|\| =0.2 \|\| =0.3 \|\| =0.3.1 \|\| =0.17.2 \|\| =0.17.3 \|\| =0.17.4 \|\| =0.17.5	-
debian 13	exiv2	>=0 <0.27.2-6	0.27.2-6
rpm rhel7	exiv2	-	-
rpm rhel7	compat-exiv2-023	-	-
rpm rhel7	compat-exiv2-026	-	-
rpm rhel6	exiv2	-	-

Aliases

1. CVE-2020-188992. NVD-2020-188993. OSV-DEBIAN-2020-188994. OSV-2020-188995. OSV-PYSEC-2021-8796. GCVE-2020-188997. SECURITY-TRACKER-CVE-2020-188998. security.gentoo.org

References

1. https://github.com/Exiv2/exiv2/issues/7422. https://cwe.mitre.org/data/definitions/789.html