Base Score

MEDIUM6.5

CVE-2018-10958

In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.

VectorNETWORK

Published Bycve@mitre.org

Published DateMay 10, 2018, 02:29

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

https://access.redhat.com/errata/RHSA-2019:2101
https://github.com/Exiv2/exiv2/issues/302
https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html
https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html
https://security.gentoo.org/glsa/201811-14
https://usn.ubuntu.com/3700-1/
https://www.debian.org/security/2018/dsa-4238

Base Score

MEDIUM6.5

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH