Candidate: CVE-2020-18899
PublicDate: 2021-08-19 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18899
Description:
 An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://github.com/Exiv2/exiv2/issues/742
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_exiv2:
 upstream: https://github.com/Exiv2/exiv2/commit/051b5d9df1f4669117937b7a40104404cc252993 (0.27.1)
upstream_exiv2: released (0.27.2-6)
trusty_exiv2: ignored (out of standard support)
trusty/esm_exiv2: DNE
xenial_exiv2: ignored (out of standard support)
esm-infra/xenial_exiv2: needs-triage
bionic_exiv2: needs-triage
focal_exiv2: not-affected (0.27.2-8ubuntu2)
hirsute_exiv2: not-affected
impish_exiv2: not-affected
jammy_exiv2: not-affected
devel_exiv2: not-affected