3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exiv2 is vulnerable to information disclosure. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file.
github.com/Exiv2/exiv2/pull/1627
github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
lists.fedoraproject.org/archives/list/[email protected]/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/
lists.fedoraproject.org/archives/list/[email protected]/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK/
lists.fedoraproject.org/archives/list/[email protected]/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM/
lists.fedoraproject.org/archives/list/[email protected]/message/TZ5SGWHK64TB7ADRSVBGHEPDFN5CSOO3/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.13/community.yaml
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N