Описание
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
A flaw was found in the Exiv2 library. An out-of-bounds read can be triggered when the metadata of a specially crafted ASF video file is processed, causing the application linked to the library to crash, resulting in a denial of service.
Отчет
The support for the ASF video format was introduced in Exiv2 version 0.28.0. This Exiv2 version is not shipped in any Red Hat product. Therefore, Exiv2 as shipped in Red Hat Enterprise Linux 7, 8, and 9 is not affected by this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | exiv2 | Not affected | ||
| Red Hat Enterprise Linux 7 | compat-exiv2-023 | Not affected | ||
| Red Hat Enterprise Linux 7 | compat-exiv2-026 | Not affected | ||
| Red Hat Enterprise Linux 7 | exiv2 | Not affected | ||
| Red Hat Enterprise Linux 8 | compat-exiv2-026 | Not affected | ||
| Red Hat Enterprise Linux 8 | exiv2 | Not affected | ||
| Red Hat Enterprise Linux 9 | exiv2 | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
Exiv2 is a command-line utility and C++ library for reading, writing, ...
6.5 Medium
CVSS3