CVE-2018-16132

EPSS 0.3%
Veröffentlicht 29.08.2018 22:29:00
Zuletzt bearbeitet 21.11.2024 03:52:07
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Signal ≫ Signal SwPlatformiphone_os Version <= 2.29.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.499

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.6	3.9	4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://seclists.org/bugtraq/2018/Aug/57

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2018-16132

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-16132

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-16132

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-16132