Veracode Vulnerability DatabaseVERACODE:8031Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
libexiv2.so is vulnerable to denial of service. An attacker is able to create a denial of service condition using malicious input to cause an infinite loop in the function Exiv2::Jp2Image::encodeJp2Header in jp2image.cpp.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libexiv2.so | le | 26.0.0 | |
| exiv2 | eq | 0.26__3.el7.0.1 | |
| exiv2 | eq | 0.26__10.el8 | |
| exiv2 | eq | 0.26__3.el7 | |
| gnome-color-manager | eq | 3.28.0__1.el8 | |
| libgexiv2 | eq | 0.10.8__2.el8 | |
| gegl | eq | 0.2.0__38.el8 |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P