CVE-2018-20030

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-20030
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20030.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-20030
Downstream
Related
Published
2019-02-20T17:29:00Z
Modified
2025-10-21T04:33:47.375618Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An error when processing the EXIFIFDINTEROPERABILITY and EXIFIFDEXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.

References

Affected packages

Git / github.com/libexif/exif

Affected ranges

Type
GIT
Repo
https://github.com/libexif/exif
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Type
GIT
Repo
https://github.com/libexif/libexif
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6aa11df549114ebda520dde4cdaea2f9357b2c89

Affected versions

Other

cvs-migration
libexif-0_5_7-rc2
libexif-0_5_7-rc3
libexif-0_5_7-rc4
libexif-0_5_7-release
libexif-0_5_9-release
libexif-0_6_12-release
libexif-0_6_14-release
libexif-0_6_15-release
libexif-0_6_16-release
libexif-0_6_17-release
libexif-0_6_18-release
libexif-0_6_19-release
libexif-0_6_20-release
libexif-0_6_21-release
libexif-before-0_6_0-api-change

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89",
        "signature_version": "v1",
        "target": {
            "file": "libexif/exif-data.c",
            "function": "exif_data_load_data_content"
        },
        "digest": {
            "length": 3311.0,
            "function_hash": "302901202707994216984331950606579128626"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2018-20030-02057104"
    },
    {
        "source": "https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89",
        "signature_version": "v1",
        "target": {
            "file": "libexif/exif-data.c"
        },
        "digest": {
            "line_hashes": [
                "180730666466695198627069636305044271713",
                "267552362675474834118301304982528404129",
                "168011123898595515241842656421436750088",
                "288582176884788969711564459409554742960",
                "221653228437213416979907958566942874761",
                "315263830344390578696039333017964829515",
                "320040878698668606839049661125590061709",
                "333244894477046055627492040996100991662",
                "51000792020720586422501173915697068624",
                "250941959981849102311760123766635010606",
                "229662257558770989081771243119791950311",
                "29983993300281955551111832125327474135",
                "145451879418554507361797084404222514596",
                "112072606822558909660520702739304255490",
                "3708223867772708379596816548084232657",
                "107809466762235892580645902656115842671",
                "100648097221283100155344688524358024279",
                "167734378854134814795222514647712142443",
                "102080351958583188486397010822401441485",
                "194731825340461150409681239306277717185",
                "151498801194374962085810894668753393277",
                "220545708638676926724611534529434096664",
                "60471675717709382162112584679034275564",
                "111414963023346921599376058220527385829",
                "165998181761590833753300508912166147783",
                "163954092343156736115570179522712942135",
                "329558707088965545532931918014824482289",
                "217698494243512294846777944075270585232"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2018-20030-2195919d"
    }
]