Heap-Based Buffer Over-Read in Exiv2 Image Processing Software
CVE-2019-14368

7.8HIGH

Key Information:

Vendor: Exiv2
Status: Exiv2
Vendor: CVE Published:; 28 July 2019

What is CVE-2019-14368?

The Exiv2 image processing library version 0.27.99.0 contains a vulnerability that allows for a heap-based buffer over-read in the Exiv2::RafImage::readMetadata() function within rafimage.cpp. This flaw can potentially allow attackers to access sensitive data residing in memory, thereby compromising system integrity and confidentiality. It is crucial for users of the affected version to apply security updates to mitigate the risk associated with this vulnerability. For further details, refer to the issue documented on the Exiv2 GitHub repository.

References

https://github.com/Exiv2/exiv2/issues/952

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2019
Vulnerability Reserved
Jul 28, 2019