Description
When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory, eventually leading to an out-of-memory error even for very small inputs. This could be used to mount a denial-of-service attack against services that use the metadata-extractor library.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | metadata-extractor | Out of support scope | | |
| Red Hat Integration Camel K 1 | metadata-extractor | Fix deferred | | |
| Red Hat Integration Camel Quarkus 1 | metadata-extractor | Fix deferred | | |
| Red Hat JBoss BRMS 5 | metadata-extractor | Out of support scope | | |
| Red Hat JBoss BRMS 6 | metadata-extractor | Out of support scope | | |
| Red Hat JBoss Data Virtualization 6 | metadata-extractor | Out of support scope | | |
| Red Hat JBoss Fuse 6 | metadata-extractor | Out of support scope | | |
| Red Hat JBoss Fuse Service Works 6 | metadata-extractor | Out of support scope | | |
| Red Hat Fuse 7.11 | metadata-extractor | Fixed | RHSA-2022:5532 | 07.07.2022 |
Additional information
Status:
5.5 Medium
CVSS3
Related vulnerabilities
Allocation of Resources Without Limits or Throttling in metadata-extractor
5.5 Medium
CVSS3