Denial of Service Vulnerability in Exiv2 Image Processing Software
CVE-2019-9144

8.8HIGH

Key Information:

Vendor

Exiv2

Status
Exiv2
Vendor
CVE Published:
25 February 2019

What is CVE-2019-9144?

A vulnerability has been identified in Exiv2 version 0.27 that allows an attacker to exploit infinite recursion within the BigTiffImage::printIFD function, which is located in the file bigtiffimage.cpp. By crafting a specific file, an attacker can trigger this issue, potentially leading to a Denial of Service condition due to segmentation faults. Additionally, the exploit may have unspecified implications, necessitating immediate attention to ensure system security.

References

https://research.loginsoft.com/bugs/uncontrolled-recursio...
x_refsource_MISC
https://github.com/Exiv2/exiv2/issues/712
x_refsource_MISC
http://www.securityfocus.com/bid/107161
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.