PT-2024-28633 · Exiv2+1 · Exiv2+1
Published: 2024-07-08 · Updated: 2026-03-23 · CVE-2024-39695
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Exiv2 versions v0.28.0 through v0.28.2
Description
An out-of-bounds read was found in the parser for the ASF video format, a new feature introduced in version v0.28.0. This issue is triggered when Exiv2 is used to read the metadata of a crafted video file.
Recommendations
For Exiv2 versions v0.28.0 through v0.28.2, update to version v0.28.3 to resolve the issue.
As a temporary workaround, consider avoiding the use of Exiv2 to read the metadata of video files until the update is applied.
Exploit
Fix
Out of bounds Read
Affected Products
Alt Linux
Exiv2