Lucene search

Veracode Vulnerability DatabaseVERACODE:8076

HistoryDec 26, 2018 - 3:16 a.m.

Denial Of Service (DoS)

2018-12-2603:16:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.009

Percentile

82.9%

JSON

libexiv2 is vulnerable to denial of service (DoS). The vulnerability exists when the attacker input a malicious file to the function findPrimaryGroups of tiffimage_int.cpp.

References

access.redhat.com/errata/RHSA-2019:2101

github.com/Exiv2/exiv2/issues/590

github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206

lists.debian.org/debian-lts-announce/2019/02/msg00038.html

lists.debian.org/debian-lts-announce/2023/01/msg00004.html

lists.fedoraproject.org/archives/list/[email protected]/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/

EPSS

0.009

Percentile

82.9%

JSON

Related for VERACODE:8076