DEBIAN-CVE-2020-18898

DEBIAN-CVE-2020-18898 PUBLISHED CVSS 6.5 MEDIUM

A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	exiv2	0.28.8+dfsg, 0, 0.27.3-3
Debian:12	exiv2	0.28.2+dfsg, 0.28.3+dfsg, 0.28.3+dfsg
Debian:13	exiv2	0.28.8+dfsg-1, 0, 0.28.5+dfsg
Debian:14	exiv2	0, *, 0.28.8+dfsg-1

Timeline

Aug 19, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-18898 advisory

Open in Interactive Console →