CVE-2018-16132

HIGH Year: 2018
CVSS v3 Score
8.6
High
CVSS v2 Score
7.8
High
Weakness Type
CWE-400
View all →

Vulnerability Description

The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device.

Related Vulnerabilities

CVE-2015-1779

HIGH
CVSS:8.6(High)

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

CWE-4002015

CVE-2016-6171

HIGH
CVSS:8.6(High)

Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.

CWE-4002016

CVE-2017-15119

HIGH
CVSS:8.6(High)

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CP...

CWE-4002017

CVE-2017-17051

HIGH
CVSS:8.6(High)

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hyperv...

CWE-4002017

CVE-2017-9627

HIGH
CVSS:8.6(High)

An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability cou...

CWE-4002017

CVE-2018-0086

HIGH
CVSS:8.6(High)

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected ...

CWE-4002018