PYSEC-2018-120 — Vulnetix

PYSEC-2018-120 PUBLISHED CVSS 6.5 MEDIUM

There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

Risk Scores

CVSS v3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
PyPI	exiv2	0, 0.1, 0.11.0

Timeline

Dec 12, 2018 CVE Published
Oct 9, 2025 CVE Updated
May 1, 2026 Distribution Patch
May 1, 2026 Security Advisory

References

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/ url
https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206 exploit
https://github.com/Exiv2/exiv2/issues/590 discussion
https://access.redhat.com/errata/RHSA-2019:2101 advisory

Open in Interactive Console →