Описание
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
An out of bounds read vulnerability was discovered in the way exiv2 parses Canon raw format (CRW) images. An application that uses exiv2 library to parse untrusted images may be vulnerable to this flaw, which could be used by an attacker to extract data from the application's memory or make it crash. The biggest threat with this vulnerability is availability of the system.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | exiv2 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-exiv2-023 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-exiv2-026 | Out of support scope | ||
| Red Hat Enterprise Linux 8 | compat-exiv2-026 | Fix deferred | ||
| Red Hat Enterprise Linux 7 | exiv2 | Fixed | RHSA-2020:4030 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | exiv2 | Fixed | RHSA-2021:1758 | 18.05.2021 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in ...
6.5 Medium
CVSS3