Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2019-17402

Published: 09/10/2019 Updated: 13/01/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Exiv2

Vulnerability Summary

Exiv2 0.27.2 allows malicious users to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

exiv2 exiv2 0.27.2

debian debian linux 8.0

debian debian linux 10.0

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 19.10

canonical ubuntu linux 16.04

Vendor Advisories

Red Hat: Low: exiv2 security update
Synopsis Low: exiv2 security update Type/Severity Security Advisory: Low Topic An update for exiv2 is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile ...
Debian CVElist Bug Report Logs: exiv2: CVE-2019-17402
Debian Bug report logs - #946341 exiv2: CVE-2019-17402 Package: src:exiv2; Maintainer for src:exiv2 is Debian KDE Extras Team <pkg-kde-extras@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 7 Dec 2019 15:21:02 UTC Severity: important Tags: security, upstream Found in versi ...
Ubuntu Security Notice: exiv2 vulnerability
Exiv2 could be made to crash if it received a specially crafted file ...
Amazon Linux 2: ALAS2-2020-1512
An out of bounds read vulnerability was discovered in the way exiv2 parses Canon raw format (CRW) images An application that uses exiv2 library to parse untrusted images may be vulnerable to this flaw, which could be used by an attacker to extract data from the application's memory or make it crash The biggest threat with this vulnerability is av ...

References

CWE-120https://github.com/Exiv2/exiv2/issues/1019https://usn.ubuntu.com/4159-1/https://lists.debian.org/debian-lts-announce/2019/12/msg00001.htmlhttps://lists.debian.org/debian-lts-announce/2023/01/msg00004.htmlhttps://access.redhat.com/errata/RHSA-2020:4030https://usn.ubuntu.com/4159-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525CVE-2024-4652CVE-2024-1438CVE-2024-4671CVE-2024-34351arbitrary CVE-2024-4650SQL injectionoverflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook