{"id":"CVE-2018-20030","details":"An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.","modified":"2026-04-16T04:34:45.209220618Z","published":"2019-02-20T17:29:00.820Z","related":["SUSE-SU-2020:0457-1","SUSE-SU-2020:0458-1","SUSE-SU-2020:14294-1","SUSE-SU-2020:1534-1","SUSE-SU-2020:1553-1","SUSE-SU-2020:1553-2","openSUSE-SU-2020:0264-1","openSUSE-SU-2020:0793-1","openSUSE-SU-2024:10939-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html"},{"type":"WEB","url":"https://usn.ubuntu.com/4358-1/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html"},{"type":"ADVISORY","url":"https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/"},{"type":"FIX","url":"https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libexif/libexif","events":[{"introduced":"0"},{"last_affected":"9ab318d93b274df204c195c9a729f778401a8d8f"},{"fixed":"6aa11df549114ebda520dde4cdaea2f9357b2c89"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.6.21"}]}}],"versions":["cvs-migration","libexif-0_5_7-rc2","libexif-0_5_7-rc3","libexif-0_5_7-rc4","libexif-0_5_7-release","libexif-0_5_9-release","libexif-0_6_12-release","libexif-0_6_14-release","libexif-0_6_15-release","libexif-0_6_16-release","libexif-0_6_17-release","libexif-0_6_18-release","libexif-0_6_19-release","libexif-0_6_20-release","libexif-0_6_21-release","libexif-before-0_6_0-api-change"],"database_specific":{"vanir_signatures":[{"id":"CVE-2018-20030-02057104","deprecated":false,"signature_type":"Function","digest":{"length":3311,"function_hash":"302901202707994216984331950606579128626"},"signature_version":"v1","target":{"function":"exif_data_load_data_content","file":"libexif/exif-data.c"},"source":"https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89"},{"id":"CVE-2018-20030-2195919d","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["180730666466695198627069636305044271713","267552362675474834118301304982528404129","168011123898595515241842656421436750088","288582176884788969711564459409554742960","221653228437213416979907958566942874761","315263830344390578696039333017964829515","320040878698668606839049661125590061709","333244894477046055627492040996100991662","51000792020720586422501173915697068624","250941959981849102311760123766635010606","229662257558770989081771243119791950311","29983993300281955551111832125327474135","145451879418554507361797084404222514596","112072606822558909660520702739304255490","3708223867772708379596816548084232657","107809466762235892580645902656115842671","100648097221283100155344688524358024279","167734378854134814795222514647712142443","102080351958583188486397010822401441485","194731825340461150409681239306277717185","151498801194374962085810894668753393277","220545708638676926724611534529434096664","60471675717709382162112584679034275564","111414963023346921599376058220527385829","165998181761590833753300508912166147783","163954092343156736115570179522712942135","329558707088965545532931918014824482289","217698494243512294846777944075270585232"],"threshold":0.9},"signature_version":"v1","target":{"file":"libexif/exif-data.c"},"source":"https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89"}],"vanir_signatures_modified":"2026-04-11T14:54:33Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20030.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}