CVE Vulnerabilities

CVE-2018-19108

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Nov 08, 2018 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Ubuntu
LOW

In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Exiv2 Exiv2 0.26 (including) 0.26 (including)
Red Hat Enterprise Linux 7 RedHat exiv2-0:0.27.0-2.el7_6 *
Red Hat Enterprise Linux 8 RedHat exiv2-0:0.27.2-5.el8 *
Red Hat Enterprise Linux 8 RedHat gegl-0:0.2.0-39.el8 *
Red Hat Enterprise Linux 8 RedHat gnome-color-manager-0:3.28.0-3.el8 *
Red Hat Enterprise Linux 8 RedHat libgexiv2-0:0.10.8-4.el8 *
Exiv2 Ubuntu bionic *
Exiv2 Ubuntu cosmic *
Exiv2 Ubuntu devel *
Exiv2 Ubuntu disco *
Exiv2 Ubuntu trusty *
Exiv2 Ubuntu xenial *

References