CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P

exiv2 is vulnerable to denial of service. A stack overflow issue in CiffDirectory::readDirectory() at crwimage_int.cpp allows an attacker to crash the application via malicious input.

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
access.redhat.com/errata/RHSA-2019:2101
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1465061
bugzilla.redhat.com/show_bug.cgi?id=1470729
bugzilla.redhat.com/show_bug.cgi?id=1470737
bugzilla.redhat.com/show_bug.cgi?id=1470913
bugzilla.redhat.com/show_bug.cgi?id=1470946
bugzilla.redhat.com/show_bug.cgi?id=1470950
bugzilla.redhat.com/show_bug.cgi?id=1471772
bugzilla.redhat.com/show_bug.cgi?id=1473888
bugzilla.redhat.com/show_bug.cgi?id=1473889
bugzilla.redhat.com/show_bug.cgi?id=1475123
bugzilla.redhat.com/show_bug.cgi?id=1475124
bugzilla.redhat.com/show_bug.cgi?id=1482295
bugzilla.redhat.com/show_bug.cgi?id=1482296
bugzilla.redhat.com/show_bug.cgi?id=1482423
bugzilla.redhat.com/show_bug.cgi?id=1494443
bugzilla.redhat.com/show_bug.cgi?id=1494467
bugzilla.redhat.com/show_bug.cgi?id=1494776
bugzilla.redhat.com/show_bug.cgi?id=1494778
bugzilla.redhat.com/show_bug.cgi?id=1494780
bugzilla.redhat.com/show_bug.cgi?id=1494781
bugzilla.redhat.com/show_bug.cgi?id=1494782
bugzilla.redhat.com/show_bug.cgi?id=1494786
bugzilla.redhat.com/show_bug.cgi?id=1494787
bugzilla.redhat.com/show_bug.cgi?id=1495043
bugzilla.redhat.com/show_bug.cgi?id=1524104
bugzilla.redhat.com/show_bug.cgi?id=1524107
bugzilla.redhat.com/show_bug.cgi?id=1524116
bugzilla.redhat.com/show_bug.cgi?id=1525055
bugzilla.redhat.com/show_bug.cgi?id=1537353
bugzilla.redhat.com/show_bug.cgi?id=1566260
bugzilla.redhat.com/show_bug.cgi?id=1652637
bugzilla.redhat.com/show_bug.cgi?id=1664361
github.com/Exiv2/exiv2/issues/460
github.com/SegfaultMasters/covering360/blob/master/Exiv2
lists.debian.org/debian-lts-announce/2019/02/msg00038.html
lists.debian.org/debian-lts-announce/2023/01/msg00004.html
usn.ubuntu.com/3852-1/