CVE-2019-14368 — Out-of-bounds Read in Exiv2

Severity

7.8HIGHNVD

EPSS

0.3%

top 51.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 28

Latest updateMay 24

Description

Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp.

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶NVDexiv2/exiv20.27.99.0

GHSA

GHSA-766f-8g6j-2m24: Exiv2 0↗2022-05-24

▶

Red Hat

exiv2: Heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp↗2019-07-29

▶

Debian

CVE-2019-14368: exiv2 - Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetada...↗2019

▶

Bugzilla

CVE-2019-14368 exiv2: Heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp↗2019-08-30

▶

Bugzilla

CVE-2019-14368 exiv2: Heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp [fedora-all]↗2019-08-30

▶