Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2025-13814

Опубликовано: 29 авг. 2025
Источник: fstec
CVSS3: 5.5
CVSS2: 4.9
EPSS Низкий

Описание

Уязвимость команд библиотеки для управления метаданными медиафайлов Exiv2 связана с чтением за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Вендор

ООО «Ред Софт»
Exiv2 authors

Наименование ПО

РЕД ОС
Exiv2

Версия ПО

7.3 (РЕД ОС)
до 0.28.6 (Exiv2)

Тип ПО

Операционная система
Прикладное ПО информационных систем

Операционные системы и аппаратные платформы

ООО «Ред Софт» РЕД ОС 7.3

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 4,9)
Средний уровень опасности (базовая оценка CVSS 3.1 составляет 5,5)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://github.com/Exiv2/exiv2/commit/e737332427711f15bcdc4e903203d6b7493eaec0
Для РедОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-exiv2-cve-2025-54080-cve-2025-55304/?sphrase_id=1334556

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 3%
0.00018
Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2025-54080

CVSS3: 5.5
ubuntu
3 месяца назад

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6.

redhat логотип

CVE-2025-54080

CVSS3: 3.3
redhat
3 месяца назад

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6.

nvd логотип

CVE-2025-54080

CVSS3: 5.5
nvd
3 месяца назад

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6.

debian логотип

CVE-2025-54080

CVSS3: 5.5
debian
3 месяца назад

Exiv2 is a C++ library and a command-line utility to read, write, dele ...

github логотип

GHSA-496f-x7cq-cq39

github
3 месяца назад

Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file

EPSS

Процентиль: 3%
0.00018
Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2