CVE-2019-20421

Опубликовано: 30 сент. 2019

Источник: redhat

CVSS3: 7.5

Описание

In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

A denial of service vulnerability was found in exiv2 in the way JPEG 2000 (JP2) metadata was read when processing an image file. A remote attacker could abuse this flaw to create a specially crafted image, causing exiv2 to enter into an infinite loop when processing an incoming malicious image.

Отчет

This flaw did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code, which was introduced in a later version of the library.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	exiv2	Not affected
Red Hat Enterprise Linux 7	exiv2	Not affected
Red Hat Enterprise Linux 8	exiv2	Fixed	RHSA-2020:1577	28.04.2020
Red Hat Enterprise Linux 8	gegl	Fixed	RHSA-2020:1577	28.04.2020
Red Hat Enterprise Linux 8	gnome-color-manager	Fixed	RHSA-2020:1577	28.04.2020
Red Hat Enterprise Linux 8	libgexiv2	Fixed	RHSA-2020:1577	28.04.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-835->CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1800472exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-20421

CVSS3: 7.5

ubuntu

больше 5 лет назад

CVE-2019-20421

CVSS3: 7.5

nvd

больше 5 лет назад

CVE-2019-20421

CVSS3: 7.5

msrc

больше 3 лет назад

Описание отсутствует

CVE-2019-20421

CVSS3: 7.5

debian

больше 5 лет назад

In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input ...

GHSA-p4gw-2vrq-j64q

github

около 3 лет назад

7.5 High

CVSS3