A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exiv2 exiv2 0.27.4 |
||
exiv2 exiv2 |
||
redhat enterprise linux 8.0 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |