PT-2019-5331 · Exiv2+8 · Exiv2+8

Kevinbackhouse

Published

2019-06-30

Updated

2024-06-15

CVE-2019-13114

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Exiv2 versions 0.27.1 and earlier

Description The issue is related to a NULL pointer dereference in the http.c component of the Exiv2 library, which can be exploited by a malicious HTTP server. This exploitation can lead to a denial of service (crash) by returning a crafted response that lacks a space character. The vulnerability can be exploited by a remote attacker.

Recommendations For Exiv2 versions 0.27.1 and earlier, update to a version later than 0.27.1 to resolve the issue. As a temporary workaround, consider restricting access to the http.c component until a patch is available.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2020:1577

ALT-PU-2019-2468

ALT-PU-2019-2590

BDU:2020-02400

CESA-2020_1577

CVE-2019-13114

DLA-3265-1

MGASA-2019-0415

OPENSUSE-SU-2020:0482-1

OPENSUSE-SU-2020_0482-1

OPENSUSE-SU-2024:12399-1

PYSEC-2019-257

RHSA-2020:1577

RHSA-2020_1577

RLSA-2020:1577

SUSE-SU-2020:0921-1

USN-4056-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Exiv2

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2019-5331 · Exiv2+8 · Exiv2+8

CVE-2019-13114

Weakness Enumeration

Related Identifiers

Affected Products

References · 136