6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
77.9%
Exiv2 teams reports:
Multiple vulnerabilities covering buffer overflows, out-of-bounds,
read of uninitialized memory and denial of serivce. The heap
overflow is triggered when Exiv2 is used to read the metadata of
a crafted image file. An attacker could potentially exploit the
vulnerability to gain code execution, if they can trick the victim
into running Exiv2 on a crafted image file. The out-of-bounds read
is triggered when Exiv2 is used to write metadata into a crafted
image file. An attacker could potentially exploit the vulnerability
to cause a denial of service by crashing Exiv2, if they can trick
the victim into running Exiv2 on a crafted image file. The read of
uninitialized memory is triggered when Exiv2 is used to read the
metadata of a crafted image file. An attacker could potentially
exploit the vulnerability to leak a few bytes of stack memory, if
they can trick the victim into running Exiv2 on a crafted image
file.
github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr
github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj
github.com/Exiv2/exiv2/security/advisories/GHSA-9jp9-m3fv-2vg9
github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
77.9%