PT-2019-6325 · Exiv2+1 · Exiv2+1
Cuanduo
·
Publicado
2019-07-12
·
Atualizado
2023-01-13
·
CVE-2019-14370
CVSS v2.0
7.1
Alta
| Vetor | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Exiv2 version 0.27.99.0
Description
The issue is related to an out-of-bounds read in the
Exiv2::MrwImage::readMetadata() function in mrwimage.cpp. This could result in a denial of service. The vulnerability can be exploited by a remote attacker using a specially crafted file, potentially leading to a denial of service.Recommendations
For Exiv2 version 0.27.99.0, consider disabling the
readMetadata() function as a temporary workaround until a patch is available. Restrict access to the mrwimage.cpp component to minimize the risk of exploitation. Avoid using the Exiv2::MrwImage::readMetadata() function with untrusted input files until the issue is resolved.Exploit
Correção
DoS
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Astra Linux
Exiv2