Description
Allocation of Resources Without Limits or Throttling in metadata-extractor
When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory, which eventually leads to an out-of-memory error even for very small inputs. This could be used to mount a denial-of-service attack against services that use the metadata-extractor library.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-24614
- https://github.com/drewnoakes/metadata-extractor/issues/561
- https://github.com/drewnoakes/metadata-extractor/pull/570
- https://github.com/drewnoakes/metadata-extractor/commit/85ec243df54133a87f9d928d2278595f52b07519
- https://github.com/drewnoakes/metadata-extractor/releases/tag/2.18.0
Packages
- Package: com.drewnoakes:metadata-extractor
- Affected versions: < 2.18.0
- Fixed version: 2.18.0