Out-of-Bounds Read Vulnerability in Exiv2 v0.28.2

CVE-2024-39695

6.5MEDIUM

Key Information

Vendor: Exiv2
Status: Exiv2
Vendor: CVE Published:; 8 July 2024

Summary

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.

Affected Version(s)

exiv2 = >= 0.28.0, < 0.28.3

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 8, 2024
Vulnerability Reserved.
Jun 27, 2024

Collectors

NVD DatabaseMitre Database