HIGH🇬🇧 English

CVE-2018-16132

CVSS 8.6v3.0pub. 2018-08-29upd. 2024-11-21

The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Signal

    APP
    Signal
    ≤ 2.29.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-28345HIGH7.5ten sam produkt

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded...

CVE-2020-5753MEDIUM5.3ten sam produkt

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a ...

CVE-2018-9840MEDIUM6.8ten sam produkt

The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen l...

CVE-2025-5715LOW0.3ten sam produkt

A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerabi...

CVE-2019-17192CRITICAL9.8ten sam vendor

The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videocon...