Lucene search

Veracode Vulnerability DatabaseVERACODE:20919

HistoryJul 29, 2019 - 4:05 a.m.

Denial Of Service (DoS)

2019-07-2904:05:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.006 Low

EPSS

Percentile

78.1%

JSON

libexiv2.so is vulnerable to denial of service (DoS). The vulnerability exists because the function Exiv2::MrwImage::readMetadata() in mrwimage.cpp does not handle the bound checking properly, causing an application crash.

CPENameOperatorVersion
libexiv2.sole26.0.0
libexiv2.sole26.0.0
exiv2:bustereq0.25-4+deb10u1

Name	Operator	Version
libexiv2.so	le	26.0.0
libexiv2.so	le	26.0.0
exiv2:buster	eq	0.25-4+deb10u1

References

www.securityfocus.com/bid/109117

fuzzit.dev/2019/07/11/discovering-cve-2019-13504-cve-2019-13503-and-the-importance-of-api-fuzzing/

github.com/Exiv2/exiv2/commit/6ca49acd13bdf357ea4299ae0a747eca47868cc5#diff-1ae85636e7d473c614ac584f3a8ef08aR1155

github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9

github.com/Exiv2/exiv2/pull/943

github.com/Exiv2/exiv2/pull/946

lists.debian.org/debian-lts-announce/2019/07/msg00015.html

lists.debian.org/debian-lts-announce/2023/01/msg00004.html

0.006 Low

EPSS

Percentile

78.1%

JSON

Related for VERACODE:20919