Veracode Vulnerability DatabaseVERACODE:21114Denial Of Service (DoS)
EPSS
Percentile
71.4%
exiv2 is vulnerable to denial of service. The vulnerability exists due to a flaw in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp which allows an attacker to crash the application via malicious input.
References
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
access.redhat.com/errata/RHSA-2019:2101
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1465061
bugzilla.redhat.com/show_bug.cgi?id=1470729
bugzilla.redhat.com/show_bug.cgi?id=1470737
bugzilla.redhat.com/show_bug.cgi?id=1470913
bugzilla.redhat.com/show_bug.cgi?id=1470946
bugzilla.redhat.com/show_bug.cgi?id=1470950
bugzilla.redhat.com/show_bug.cgi?id=1471772
bugzilla.redhat.com/show_bug.cgi?id=1473888
bugzilla.redhat.com/show_bug.cgi?id=1473889
bugzilla.redhat.com/show_bug.cgi?id=1475123
bugzilla.redhat.com/show_bug.cgi?id=1475124
bugzilla.redhat.com/show_bug.cgi?id=1482295
bugzilla.redhat.com/show_bug.cgi?id=1482296
bugzilla.redhat.com/show_bug.cgi?id=1482423
bugzilla.redhat.com/show_bug.cgi?id=1494443
bugzilla.redhat.com/show_bug.cgi?id=1494467
bugzilla.redhat.com/show_bug.cgi?id=1494776
bugzilla.redhat.com/show_bug.cgi?id=1494778
bugzilla.redhat.com/show_bug.cgi?id=1494780
bugzilla.redhat.com/show_bug.cgi?id=1494781
bugzilla.redhat.com/show_bug.cgi?id=1494782
bugzilla.redhat.com/show_bug.cgi?id=1494786
bugzilla.redhat.com/show_bug.cgi?id=1494787
bugzilla.redhat.com/show_bug.cgi?id=1495043
bugzilla.redhat.com/show_bug.cgi?id=1524104
bugzilla.redhat.com/show_bug.cgi?id=1524107
bugzilla.redhat.com/show_bug.cgi?id=1524116
bugzilla.redhat.com/show_bug.cgi?id=1525055
bugzilla.redhat.com/show_bug.cgi?id=1537353
bugzilla.redhat.com/show_bug.cgi?id=1566260
bugzilla.redhat.com/show_bug.cgi?id=1652637
bugzilla.redhat.com/show_bug.cgi?id=1664361
github.com/Exiv2/exiv2/issues/247
security.gentoo.org/glsa/201811-14
Related
