libexiv2.so is vulnerable to denial of service (DoS). The vulnerability exists because the function Exiv2::MrwImage::readMetadata() in mrwimage.cpp does not perform bounds checking properly, causing an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | libexiv2.so | le | 26.0.0 |
| | exiv2:buster | eq | 0.25-4+deb10u1 |
www.securityfocus.com/bid/109117
fuzzit.dev/2019/07/11/discovering-cve-2019-13504-cve-2019-13503-and-the-importance-of-api-fuzzing/
github.com/Exiv2/exiv2/commit/6ca49acd13bdf357ea4299ae0a747eca47868cc5#diff-1ae85636e7d473c614ac584f3a8ef08aR1155
github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
github.com/Exiv2/exiv2/pull/943
github.com/Exiv2/exiv2/pull/946
lists.debian.org/debian-lts-announce/2019/07/msg00015.html
lists.debian.org/debian-lts-announce/2023/01/msg00004.html