PT-2019-5330 · Exiv2

Published: 2019-06-30 · Updated: 2023-02-28 · CVE-2019-13113

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Exiv2 versions prior to 0.27.2

Description

The issue stems from insufficient input validation in Exiv2, a library for managing media file metadata. An attacker can exploit it with a specially crafted CRW image file, potentially causing a denial of service (a crash due to an assertion failure). The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited.

Recommendations

For Exiv2 versions prior to 0.27.2, update to version 0.27.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of CRW image files until a patch is available. Avoid using the Exiv2 library with untrusted input data to minimize the risk of exploitation.

Exploit

Fix

DoS

RCE

Assertion Failure


Weakness Enumeration

Related Identifiers

ALSA-2020:1577
ALT-PU-2019-2468
ALT-PU-2019-2590
BDU:2020-02399
CESA-2020_1577
CVE-2019-13113
MGASA-2019-0415
RHSA-2020:1577
RHSA-2020_1577
RLSA-2020:1577
SUSE-SU-2020:0860-1
USN-4056-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Exiv2
Red Hat
Rocky Linux
SUSE
Ubuntu