Undergoing Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Exiv2
- 0.28.2
Source
security-advisories@github.com
Tags
CVE-2024-39695 details
Published : July 8, 2024, 4:15 p.m.
Last Modified : July 8, 2024, 4:35 p.m.
Last Modified : July 8, 2024, 4:35 p.m.
Description
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
CVSS Score
| 1 | 2 | 3 | 4 | 5.3 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-125 | Out-of-bounds Read | The product reads data past the end, or before the beginning, of the intended buffer. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
Base Score
5.3
Exploitability Score
3.9
Impact Score
1.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References
| URL | Source |
|---|---|
| https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387 | security-advisories@github.com |
| https://github.com/Exiv2/exiv2/pull/3006 | security-advisories@github.com |
| https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh | security-advisories@github.com |
This website uses the NVD API, but is not approved or certified by it.