PT-2019-5764 · Exiv2+8 · Exiv2+8

Boo0Mo

Published

2019-09-30

Updated

2021-09-14

CVE-2019-20421

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Exiv2 version 0.27.2

Description The issue is related to the incorrect handling of input files by the Jp2Image::readMetadata() function in the Exiv2 library, which manages media file metadata. This can lead to an infinite loop and high CPU consumption when processing a crafted file. Remote attackers could exploit this to cause a denial of service.

Recommendations For Exiv2 version 0.27.2, consider disabling the Jp2Image::readMetadata() function until a patch is available to prevent potential denial of service attacks via crafted files.

Exploit

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALSA-2020:1577

ALT-PU-2020-2260

ALT-PU-2020-3301

ALT-PU-2020-3427

AZL-7205

BDU:2021-01492

CESA-2020_1577

CVE-2019-20421

DLA-2750-1

DSA-4958-1

MGASA-2020-0084

RHSA-2020:1577

RHSA-2020_1577

RLSA-2020:1577

SUSE-SU-2020:0860-1

USN-4270-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Exiv2

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2019-5764 · Exiv2+8 · Exiv2+8

CVE-2019-20421

Weakness Enumeration

Related Identifiers

Affected Products

References · 113