QwikSec

Security Database

CVE

CWE

Training

CVE-2019-17402

Published: Oct 9, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Exiv2/exiv2/issues/1019

vendor-advisory

[debian-lts-announce] 20191202 [SECURITY] [DLA 2019-1] exiv2 security update

mailing-list

[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.