What is the vulnerability identified by CVE-2018-16336?

CVE-2018-16336 in Exiv2 v0.26 allows remote attackers to cause a denial of service due to a heap-based buffer over-read by using a crafted image file.

What are the affected versions related to CVE-2018-16336?

Exiv2 v0.26 and specific Ubuntu and Debian versions are affected by CVE-2018-16336, including Ubuntu 18.04, 18.10, and various Debian releases.

How do I fix the vulnerability CVE-2018-16336?

To fix CVE-2018-16336, update Exiv2 to a version greater than 0.26, specifically the patched versions provided by your Linux distribution.

What platforms are impacted by CVE-2018-16336?

CVE-2018-16336 impacts various Linux distributions, specifically versions of Exiv2 used in Ubuntu and Debian.

Is CVE-2018-16336 a critical vulnerability?

CVE-2018-16336 is classified as a denial of service vulnerability, which can disrupt service availability but may not necessarily allow for unauthorized access.

Vulnerability/
CVE-2018-16336

medium

6.5

CWE

125

1/9/2018

2/9/2018

5/8/2024

CVE-2018-16336

First published: Sat Sep 01 2018(Updated: )

Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ubuntu/exiv2	<0.25-3.1ubuntu0.18.04.2	0.25-3.1ubuntu0.18.04.2
ubuntu/exiv2	<0.25-4ubuntu0.1	0.25-4ubuntu0.1
ubuntu/exiv2	<0.23-1ubuntu2.2	0.23-1ubuntu2.2
ubuntu/exiv2	<0.25-2.1ubuntu16.04.3	0.25-2.1ubuntu16.04.3
debian/exiv2		0.27.3-3+deb11u2 0.27.3-3+deb11u1 0.27.6-1
Exiv2 Exiv2	=0.26
Ubuntu Linux	=14.04
Ubuntu Linux	=16.04
Ubuntu Linux	=18.04
Ubuntu Linux	=18.10
Debian GNU/Linux	=8.0

Remedy

https://github.com/Exiv2/exiv2/commit/35b3e596edacd2437c2c5d3dd2b5c9502626163d

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-3852-1

Frequently Asked Questions

What is the vulnerability identified by CVE-2018-16336?
CVE-2018-16336 in Exiv2 v0.26 allows remote attackers to cause a denial of service due to a heap-based buffer over-read by using a crafted image file.
What are the affected versions related to CVE-2018-16336?
Exiv2 v0.26 and specific Ubuntu and Debian versions are affected by CVE-2018-16336, including Ubuntu 18.04, 18.10, and various Debian releases.
How do I fix the vulnerability CVE-2018-16336?
To fix CVE-2018-16336, update Exiv2 to a version greater than 0.26, specifically the patched versions provided by your Linux distribution.
What platforms are impacted by CVE-2018-16336?
CVE-2018-16336 impacts various Linux distributions, specifically versions of Exiv2 used in Ubuntu and Debian.
Is CVE-2018-16336 a critical vulnerability?
CVE-2018-16336 is classified as a denial of service vulnerability, which can disrupt service availability but may not necessarily allow for unauthorized access.

agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/remedy
agent/weakness
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
agent/references
collector/security-tracker-debian
source/Debian
agent/trending
agent/source
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
package-manager/ubuntu
package-manager/debian
vendor/exiv2
canonical/exiv2 exiv2
version/exiv2 exiv2/0.26
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/14.04
version/ubuntu linux/16.04
version/ubuntu linux/18.04
version/ubuntu linux/18.10
vendor/debian
canonical/debian gnu/linux
version/debian gnu/linux/8.0

Frequently Asked Questions

What is the vulnerability identified by CVE-2018-16336?
CVE-2018-16336 in Exiv2 v0.26 allows remote attackers to cause a denial of service due to a heap-based buffer over-read by using a crafted image file.
What are the affected versions related to CVE-2018-16336?
Exiv2 v0.26 and specific Ubuntu and Debian versions are affected by CVE-2018-16336, including Ubuntu 18.04, 18.10, and various Debian releases.
How do I fix the vulnerability CVE-2018-16336?
To fix CVE-2018-16336, update Exiv2 to a version greater than 0.26, specifically the patched versions provided by your Linux distribution.
What platforms are impacted by CVE-2018-16336?
CVE-2018-16336 impacts various Linux distributions, specifically versions of Exiv2 used in Ubuntu and Debian.
Is CVE-2018-16336 a critical vulnerability?
CVE-2018-16336 is classified as a denial of service vulnerability, which can disrupt service availability but may not necessarily allow for unauthorized access.

CVE-2018-16336

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the vulnerability identified by CVE-2018-16336?

What are the affected versions related to CVE-2018-16336?

How do I fix the vulnerability CVE-2018-16336?

What platforms are impacted by CVE-2018-16336?

Is CVE-2018-16336 a critical vulnerability?

Company

Resources

Contact

Frequently Asked Questions

What is the vulnerability identified by CVE-2018-16336?

What are the affected versions related to CVE-2018-16336?

How do I fix the vulnerability CVE-2018-16336?

What platforms are impacted by CVE-2018-16336?

Is CVE-2018-16336 a critical vulnerability?