CVE-2018-16132

{"id": "CVE-2018-16132", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2018-08-29T22:29:00.353", "references": [{"url": "http://seclists.org/bugtraq/2018/Aug/57", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device."}, {"lang": "es", "value": "El componente de renderizado de im\u00e1genes (createGenericPreview) de la aplicaci\u00f3n Open Whisper Signal hasta la versi\u00f3n 2.29.0 para iOS no comprueba si hay im\u00e1genes demasiado grandes antes de manipular las im\u00e1genes recibidas. Esto permite que una imagen grande enviada a un usuario agote toda la memoria disponible cuando se muestra la imagen, lo que resulta en un reinicio forzado del dispositivo."}], "lastModified": "2018-11-08T19:45:42.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:signal:signal:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "21BA7940-D19C-49F2-82DF-31F4100F6200", "versionEndIncluding": "2.29.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}