PublicDateAtUSN: 2019-02-20 17:29:00 UTC
Candidate: CVE-2018-20030
PublicDate: 2019-02-20 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/
 https://ubuntu.com/security/notices/USN-4358-1
Description:
 An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF
 tags within libexif version 0.6.21 can be exploited to exhaust available
 CPU resources.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918730
Priority: low
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_libexif:
 upstream: https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89
upstream_libexif: needs-triage
precise/esm_libexif: released (0.6.20-2ubuntu0.3)
trusty_libexif: ignored (reached end-of-life)
trusty/esm_libexif: released (0.6.21-1ubuntu1+esm2)
xenial_libexif: released (0.6.21-2ubuntu0.2)
esm-infra/xenial_libexif: released (0.6.21-2ubuntu0.2)
bionic_libexif: released (0.6.21-4ubuntu0.2)
cosmic_libexif: ignored (reached end-of-life)
disco_libexif: not-affected (0.6.21-5.1)
eoan_libexif: not-affected (0.6.21-5.1)
focal_libexif: not-affected (0.6.21-5.1)
devel_libexif: not-affected (0.6.21-5.1)