CVE-2018-16132

Published: Aug 29, 2018Modified: Nov 21, 2024

8.6

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device.

Affected (1)

Products: Signal: Signal

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Signal Signal	Up to 2.29.0

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

http://seclists.org/bugtraq/2018/Aug/57

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/bugtraq/2018/Aug/57

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.