Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-8977
HistoryMar 25, 2018 - 12:00 a.m.

CVE-2018-8977

2018-03-2500:00:00
ubuntu.com
ubuntu.com
21
cve-2018-8977
exiv2
canonmn int
remote attackers
denial of service
crafted file
invalid memory access
github
debian
launchpad
vulnerable code
unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

71.4%

In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in
canonmn_int.cpp allows remote attackers to cause a denial of service
(invalid memory access) via a crafted file.

Bugs

Notes

Author Note
debian Vulnerable code introduced after 0.25

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

71.4%