Published: 25/02/2019 Updated: 24/08/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An issue exists in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an malicious user to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Vulnerable Product	Search on Vulmon	Subscribe to Product
exiv2 exiv2 0.27

Debian Bug report logs - #923473 exiv2: CVE-2019-9144 Package: src:exiv2; Maintainer for src:exiv2 is Debian KDE Extras Team <pkg-kde-extras@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 28 Feb 2019 16:39:02 UTC Severity: grave Tags: security, upstream Found in version ex ...

Impact: Moderate Public Date: 2019-02-21 CWE: CWE-835 Bugzilla: 1683201: CVE-2019-9144 exiv2: infinite ...

CWE-674 https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymous-namespacebigtiffimageprintifd-exiv2-0-27/https://github.com/Exiv2/exiv2/issues/712 http://www.securityfocus.com/bid/107161 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923473 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2019-9144

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-9144

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect