The vulnerability in MetadataExtractor 2.1.0 allows stack consumption. This has been addressed.
**CVEID:** CVE-2019-14262
**DESCRIPTION:** MetadataExtractor is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165392 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
Log Analysis | 1.3.1 |
Log Analysis | 1.3.2 |
Log Analysis | 1.3.3 |
Log Analysis | 1.3.4 |
Log Analysis | 1.3.5 |
Log Analysis | 1.3.6 |
Log Analysis | 1.3.7 |
Principal Product and Version(s) | Fix details |
---|---|
IBM Operations Analytics - Log Analysis version 1.3.x | Upgrade to Log Analysis version 1.3.7 Fix Pack 1. Download the 1.3.7-TIV-IOALA-FP1 |
None