PT-2022-16762 · Unknown+1 · Metadata-Extractor+1

Huang Wenjie

Published

2022-02-24

Updated

2024-01-12

CVE-2022-24613

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions metadata-extractor versions up to 2.16.0

Description The issue allows an application crash due to uncaught exceptions when parsing a specially crafted JPEG file, potentially leading to a denial of service attack against services using the metadata-extractor library.

Recommendations For metadata-extractor versions up to 2.16.0, update to a version later than 2.16.0 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

Exploit

Fix

DoS

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755

Related Identifiers

CVE-2022-24613

GHSA-P5PG-WM9Q-8V6R

OESA-2024-1023

OESA-2024-1024

OESA-2024-1025

OESA-2024-1054

Affected Products

Debian

Metadata-Extractor

PT-2022-16762 · Unknown+1 · Metadata-Extractor+1

CVE-2022-24613

Weakness Enumeration

Related Identifiers

Affected Products

References · 20