PT-2019-6325 · Exiv2+1 · Exiv2+1
Cuanduo
·
Published
2019-07-12
·
Updated
2023-01-13
·
CVE-2019-14370
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Exiv2 version 0.27.99.0
Description
The issue is related to an out-of-bounds read in the
Exiv2::MrwImage::readMetadata() function in mrwimage.cpp. This could result in a denial of service. The vulnerability can be exploited by a remote attacker using a specially crafted file, potentially leading to a denial of service.Recommendations
For Exiv2 version 0.27.99.0, consider disabling the
readMetadata() function as a temporary workaround until a patch is available. Restrict access to the mrwimage.cpp component to minimize the risk of exploitation. Avoid using the Exiv2::MrwImage::readMetadata() function with untrusted input files until the issue is resolved.Exploit
Fix
DoS
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Exiv2