{
  "threat_severity" : "Low",
  "public_date" : "2018-01-18T00:00:00Z",
  "bugzilla" : {
    "description" : "exiv2: Uncontrolled recursion in image.cpp:Exiv2::Image::printIFDStructure() can allow a remote attacker to cause a denial of service via a crafted tif file",
    "id" : "1536904",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1536904"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-674",
  "details" : [ "In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.", "An unbounded recursion flaw was found in the way Exiv2 handled certain image files. An attacker could potentially use this flaw to crash the exiv2 CLI utility program by tricking it into processing crafted input files." ],
  "statement" : "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "exiv2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "exiv2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "exiv2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-5772\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5772" ],
  "name" : "CVE-2018-5772",
  "csaw" : false
}