UBUNTU-CVE-2020-18899

Details

An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.

Affected Packages

exiv2

Ubuntu Pro 16.04 LTS

Fixed in:

0.25-2.1ubuntu16.04.7+esm5

exiv2

Ubuntu Pro 18.04 LTS

Fixed in:

0.25-3.1ubuntu0.18.04.11+esm1

References

REPORT

https://ubuntu.com/security/CVE-2020-18899

ADVISORY

https://ubuntu.com/security/notices/USN-8103-1

REPORT

https://www.cve.org/CVERecord?id=CVE-2020-18899