Описание
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.
A flaw was found in Exiv2, a C++ library and command-line utility for managing image metadata. An out-of-bounds read vulnerability exists within the preview component. This flaw can be triggered when an attacker processes a specially crafted image file using Exiv2 with a specific command-line argument, such as '-pp'. Successful exploitation of this vulnerability typically leads to a denial of service (DoS) due to the application crashing.
Отчет
This is a LOW impact flaw in Exiv2. The vulnerability in the preview component is only triggered when the exiv2 utility is executed with the -pp command-line argument.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | exiv2 | Fix deferred | ||
| Red Hat Enterprise Linux 6 | exiv2 | Fix deferred | ||
| Red Hat Enterprise Linux 7 | compat-exiv2-023 | Fix deferred | ||
| Red Hat Enterprise Linux 7 | compat-exiv2-026 | Fix deferred | ||
| Red Hat Enterprise Linux 7 | exiv2 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | compat-exiv2-026 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | exiv2 | Fix deferred | ||
| Red Hat Enterprise Linux 9 | exiv2 | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.
Exiv2 is a C++ library and a command-line utility to read, write, dele ...
5.3 Medium
CVSS3