Home

CVE-2019-13110

Description

A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.323

Associated Vulnerability

VulnerabilityOS Platform
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) exiv2_0.25-4ubuntu0.2_i386.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) exiv2_0.25-4ubuntu0.2_amd64.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) exiv2_0.25-4ubuntu1.1_i386.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) exiv2_0.25-4ubuntu1.1_amd64.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) exiv2_0.25-2.1ubuntu16.04.4_i386.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) exiv2_0.25-2.1ubuntu16.04.4_amd64.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) exiv2_0.25-3.1ubuntu0.18.04.3_i386.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) exiv2_0.25-3.1ubuntu0.18.04.3_amd64.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) libexiv2-14_0.25-4ubuntu0.2_i386.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) libexiv2-14_0.25-4ubuntu0.2_amd64.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) libexiv2-14_0.25-4ubuntu1.1_i386.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) libexiv2-14_0.25-4ubuntu1.1_amd64.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) libexiv2-14_0.25-2.1ubuntu16.04.4_i386.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) libexiv2-14_0.25-2.1ubuntu16.04.4_amd64.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) libexiv2-14_0.25-3.1ubuntu0.18.04.3_i386.debLinux
EXIF/IPTC/XMP metadata manipulation tool (USN-4056-1) libexiv2-14_0.25-3.1ubuntu0.18.04.3_amd64.debLinux
SUSE-SU-2022:4276-1(SUSE Linux Enterprise Module for Desktop Applications 15-SP3 ) libexiv2-26-0.26-150000.6.26.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234