Lucene search

MitreCVELIST:CVE-2018-20098

HistoryDec 12, 2018 - 8:00 a.m.

CVE-2018-20098

2018-12-1208:00:00

mitre

www.cve.org

AI Score

6.5

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

References

access.redhat.com/errata/RHSA-2019:2101

github.com/Exiv2/exiv2/issues/590

github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/