VIR Vulnerability Intelligence Relay

CVE-2018-20099

medium
Published 2018-12-12 · Modified 2021-08-11
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS v2
VIR risk
5.5

Description

Moderate: exiv2 security, bug fix, and enhancement update

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2020-1577.html

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2020:1577

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2018-20099

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2018-20099.html

OS impact
OSVersionStatusFixed in
suse slesaffected
debian debianbookwormfixed0
debian debianbullseyefixed0
debian debianforkyfixed0
debian debiansidfixed0
debian debiantrixiefixed0
rockylinux rocky8fixed

Package impact
EcosystemPackageVulnerableFixed
python PyPIexiv2

References

Verify integrity in audit chain (admin only). AS-IS.