PT-2019-5764 · Exiv2+8 · Exiv2+8

Boo0Mo

Publicado

2019-09-30

Atualizado

2021-09-14

CVE-2019-20421

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Exiv2 version 0.27.2

Description The issue is related to the incorrect handling of input files by the Jp2Image::readMetadata() function in the Exiv2 library, which manages media file metadata. This can lead to an infinite loop and high CPU consumption when processing a crafted file. Remote attackers could exploit this to cause a denial of service.

Recommendations For Exiv2 version 0.27.2, consider disabling the Jp2Image::readMetadata() function until a patch is available to prevent potential denial of service attacks via crafted files.

Exploit

Correção

DoS

Infinite Loop

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835

Identificadores relacionados

ALSA-2020:1577

ALT-PU-2020-2260

ALT-PU-2020-3301

ALT-PU-2020-3427

AZL-7205

BDU:2021-01492

CESA-2020_1577

CVE-2019-20421

DLA-2750-1

DSA-4958-1

MGASA-2020-0084

RHSA-2020:1577

RHSA-2020_1577

RLSA-2020:1577

SUSE-SU-2020:0860-1

USN-4270-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Exiv2

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2019-5764 · Exiv2+8 · Exiv2+8

CVE-2019-20421

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 113