CVE-2019-13110

Опубликовано: 30 июн. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.

Ссылки

https://github.com/Exiv2/exiv2/issues/843
Exploit
Third Party Advisory
https://github.com/Exiv2/exiv2/pull/844
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/
https://usn.ubuntu.com/4056-1/
Third Party Advisory
https://github.com/Exiv2/exiv2/issues/843
Exploit
Third Party Advisory
https://github.com/Exiv2/exiv2/pull/844
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/
https://usn.ubuntu.com/4056-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*

Версия до 0.27.1 (включая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01323

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2019-13110

CVSS3: 6.5

ubuntu

больше 6 лет назад

A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.

CVE-2019-13110

CVSS3: 4.4

redhat

больше 6 лет назад

A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.

CVE-2019-13110

CVSS3: 6.5

debian

больше 6 лет назад

A CiffDirectory::readDirectory integer overflow and out-of-bounds read ...

GHSA-x4fr-qpcc-rhww

CVSS3: 6.5

github

больше 3 лет назад

A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.

BDU:2020-02397

CVSS3: 6.5

fstec

больше 6 лет назад

Уязвимость функции CiffDirectory::readDirectory библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 80%

0.01323

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125