Описание
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | pending | |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | ignored | changes too intrusive |
| esm-infra/xenial | not-affected | code not present |
| jammy | ignored | changes too intrusive |
| noble | ignored | changes too intrusive |
| plucky | ignored | end of life, was needs-triage |
| questing | ignored | changes too intrusive |
| upstream | released | 0.28.7+dfsg-1 |
Показывать по
5.5 Medium
CVSS3
Связанные уязвимости
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6.
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6.
Exiv2 is a C++ library and a command-line utility to read, write, dele ...
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata
5.5 Medium
CVSS3