Denial of Service Vulnerability in Exiv2 by The Exiv2 Project
CVE-2019-20421

7.5HIGH

Key Information:

Vendor: Exiv2
Status: Exiv2
Vendor: CVE Published:; 27 January 2020

What is CVE-2019-20421?

The vulnerability in Exiv2 allows remote attackers to exploit an input file problem, causing an infinite loop in Jp2Image::readMetadata(). This results in excessive CPU usage, leading to a denial of service condition. Attackers could leverage this to disrupt services by submitting specially crafted files.