CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P

libexiv2.so is vulnerable to denial of service. The Exiv2::IptcData::printStructure function in iptc.cpp, related to the != 0x1c case, is affected by a heap-based over-read which would allow a remote attacker to cause a denial of service condition via a crafted TIFF file.

CPE Name | Operator | Version |
---|---|---|
libexiv2.so | eq | 12.0.0 |
exiv2 | eq | 0.26__3.el7 |
exiv2 | eq | 0.26__3.el7.0.1 |

access.redhat.com/errata/RHSA-2019:2101
bugzilla.redhat.com/show_bug.cgi?id=1524107
github.com/Exiv2/exiv2/commit/ae0bfa44dfeb79dbf3431f49512305a9ef145eab
github.com/Exiv2/exiv2/issues/210
github.com/Exiv2/exiv2/issues/263
github.com/Exiv2/exiv2/pull/180
github.com/xiaoqx/pocs/blob/master/exiv2/readme.md
security.gentoo.org/glsa/201811-14