Описание
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
Отчет
This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | exiv2 | Not affected | ||
| Red Hat Enterprise Linux 7 | exiv2 | Fixed | RHSA-2019:2101 | 06.08.2019 |
| Red Hat Enterprise Linux 8 | exiv2 | Fixed | RHSA-2020:1577 | 28.04.2020 |
| Red Hat Enterprise Linux 8 | gegl | Fixed | RHSA-2020:1577 | 28.04.2020 |
| Red Hat Enterprise Linux 8 | gnome-color-manager | Fixed | RHSA-2020:1577 | 28.04.2020 |
| Red Hat Enterprise Linux 8 | libgexiv2 | Fixed | RHSA-2020:1577 | 28.04.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
Связанные уязвимости
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroup ...
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
Уязвимость компонента tiffimage_int.cpp библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
3.3 Low
CVSS3