PT-2025-35224 · Exiv2+5
Gluck-Pwn
Published: 2025-01-01
Updated: 2026-03-23
CVE-2025-55304
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Exiv2 versions prior to 0.28.6
Description
Exiv2 is a C++ library and a command-line utility used to read, write, delete, and modify image metadata (Exif, IPTC, XMP, and ICC). A denial-of-service issue was identified in the ICC profile parsing code within the jpegBase::readMetadata() function. This issue stems from a quadratic algorithm that can cause prolonged execution times when processing crafted JPG image files. The denial-of-service is triggered when Exiv2 attempts to read the metadata of a specially crafted JPG image.
Recommendations
Update to Exiv2 version 0.28.6 or later.
Exploit
Fix
DoS
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
Debian
Exiv2
Linuxmint
Red Os
Ubuntu