PYSEC-2018-118 — Vulnetix

PYSEC-2018-118 PUBLISHED CVSS 6.5 MEDIUM

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
PyPI	exiv2	0.11.0, 0, 0.1

Timeline

Dec 12, 2018 CVE Published
Oct 9, 2025 CVE Updated
May 1, 2026 Distribution Patch
May 1, 2026 Security Advisory

References

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/ url
https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206 exploit
https://github.com/Exiv2/exiv2/issues/590 discussion
https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html advisory
https://access.redhat.com/errata/RHSA-2019:2101 advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html advisory

Open in Interactive Console →