Bug 1536904 (CVE-2018-5772)
| Summary: | CVE-2018-5772 exiv2: Uncontrolled recursion in image.cpp:Exiv2::Image::printIFDStructure() can allow a remote attacker to cause a denial of service via a crafted tif file | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | jdeenada, jgrulich, michel, rdieter |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
An unbounded recursion flaw was found in the way Exiv2 handled certain image files. An attacker could potentially use this flaw to crash the exiv2 CLI utility program by tricking it into processing crafted input files.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-08 03:37:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1536905, 1548336, 1548410 | ||
| Bug Blocks: | 1536906 | ||
|
Description
Sam Fowler
2018-01-22 01:51:22 UTC
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1536905] Statement: This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. |