Out-of-bounds Write

🗓️ 08 Nov 2023 05:38:02Reported by Veracode Vulnerability DatabaseType

libexiv2.so Out-of-bounds Write vulnerability in bmffimage.cp

Reporter	Title	Published	Views	Family All 26
AlpineLinux	CVE-2023-44398	6 Nov 202317:30	–	alpinelinux
Tenable Nessus	Azure Linux 3.0 Security Update: exiv2 (CVE-2023-44398)	22 Jan 202600:00	–	nessus
Tenable Nessus	GLSA-202312-06 : Exiv2: Multiple Vulnerabilities	22 Dec 202300:00	–	nessus
BDU FSTEC	The vulnerability of the BmffImage::brotliUncompress() function in the Exiv2 library and command-line utilities for managing image metadata allows a hacker to execute arbitrary code.	13 Nov 202300:00	–	bdu_fstec
CBLMariner	CVE-2023-44398 affecting package exiv2 for versions less than 0.28.3-1	15 May 202521:13	–	cbl_mariner
Circl	CVE-2023-44398	6 Nov 202320:25	–	circl
CNNVD	Exiv2 Buffer Error Vulnerability	6 Nov 202300:00	–	cnnvd
CVE	CVE-2023-44398	6 Nov 202317:30	–	cve
Cvelist	CVE-2023-44398 Out-of-bounds write in exiv2	6 Nov 202317:30	–	cvelist
Debian CVE	CVE-2023-44398	6 Nov 202317:30	–	debiancve

Vulners

Node

exiv2 exiv2Match0.28.0-r2cpp

AND

exiv2 exiv2Match0.27.5-r0cpp

AND

exiv2 exiv2Match0.27.2-r5cpp

AND

exiv2 exiv2Match0.27.6-r1cpp

AND

exiv2 exiv2Match0.27.3-r2cpp

AND

exiv2 exiv2Match0.27.3-r1cpp

AND

exiv2 exiv2Match0.27.2-r6cpp

AND

exiv2 exiv2Match0.28.0-r0cpp

AND

exiv2 exiv2Match0.27.5-r1cpp

AND

exiv2 exiv2Match0.27.6-r0cpp

AND

exiv2 exiv2Match0.27.6-r2cpp

AND

exiv2 exiv2Match0.28.0-r1cpp

AND

exiv2 exiv2Match0.27.3-r0cpp

AND

exiv2 exiv2Match0.27.4-r0cpp

AND

Source	Link
github	www.github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5
github	www.github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r
security	www.security.gentoo.org/glsa/202312-06

22 Dec 2023 11:25Current

7.2High risk

Vulners AI Score7.2

CVSS 3.18.8

EPSS0.00965

SSVC