PT-2019-5691 · Exiv2+8
C0D3Xpl0It · Published 2019-10-06 · Updated 2023-01-13 · CVE-2019-17402
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Exiv2 version 0.27.2
Description
The issue is a lack of validation in the Exiv2 library, specifically in the crwimage_int.cpp module, which can lead to a crash when the getULong function is called from CiffDirectory::readDirectory. The cause is the absence of checks on the relationship between the total size and the offset and size. A remote attacker can exploit the vulnerability to cause a denial of service.
Recommendations
For Exiv2 version 0.27.2, consider applying input validation to prevent buffer overflows, or restrict access to the crwimage_int.cpp module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
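The missing check described above, sketched as an added example (not code from Exiv2 or from this advisory): an entry's offset and size are validated against the total buffer size before any read, using arithmetic that cannot wrap. The simplified entry layout and the names rangeInBounds, readULongChecked, readEntryChecked and sampleAccepted are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical helper (not an Exiv2 function): true when [offset, offset + size)
// fits in a buffer of `total` bytes. Uses subtraction so the sum cannot wrap.
bool rangeInBounds(std::uint32_t offset, std::uint32_t size, std::size_t total) {
    return offset <= total && size <= total - offset;
}

// Bounds-checked little-endian 32-bit read; fails instead of reading past the end.
bool readULongChecked(const std::vector<std::uint8_t>& buf, std::size_t pos, std::uint32_t& out) {
    if (pos > buf.size() || buf.size() - pos < 4) return false;
    out = static_cast<std::uint32_t>(buf[pos]) | static_cast<std::uint32_t>(buf[pos + 1]) << 8 |
          static_cast<std::uint32_t>(buf[pos + 2]) << 16 | static_cast<std::uint32_t>(buf[pos + 3]) << 24;
    return true;
}

// Assumed, simplified entry layout: uint32 size followed by uint32 offset.
// The entry is accepted only if the data range it names lies inside the buffer.
bool readEntryChecked(const std::vector<std::uint8_t>& buf, std::size_t pos,
                      std::uint32_t& size, std::uint32_t& offset) {
    if (!readULongChecked(buf, pos, size)) return false;
    if (!readULongChecked(buf, pos + 4, offset)) return false;
    return rangeInBounds(offset, size, buf.size());
}

// Constructed sample: a `total`-byte buffer whose first 8 bytes encode one entry.
bool sampleAccepted(std::uint32_t size, std::uint32_t offset, std::size_t total) {
    std::vector<std::uint8_t> buf(total, 0);
    const std::uint32_t fields[2] = {size, offset};
    for (std::size_t i = 0; i < 8 && i < total; ++i)
        buf[i] = static_cast<std::uint8_t>(fields[i / 4] >> (8 * (i % 4)));
    std::uint32_t s = 0, o = 0;
    return readEntryChecked(buf, 0, s, o);
}

int main() {
    std::printf("in-bounds entry:   %d\n", sampleAccepted(4, 8, 16));
    std::printf("range past end:    %d\n", sampleAccepted(8, 12, 16));
    std::printf("32-bit wraparound: %d\n", sampleAccepted(0x20, 0xFFFFFFF0u, 16));
    std::printf("truncated entry:   %d\n", sampleAccepted(4, 0, 6));
    return 0;
}
```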
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Exiv2
Red Hat
Rocky Linux
Suse
Ubuntu