CVE-2019-9143 — Uncontrolled Recursion in Exiv2

CWE-674 — Uncontrolled Recursion CWE-835 — Infinite Loop7 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 36.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2

Timeline

PublishedFeb 25

Latest updateMay 13

Description

An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/exiv2< exiv2 0.27.2-8 (bookworm)

▶Debianexiv2/exiv2< 0.27.2-8+3

▶NVDexiv2/exiv20.27

🔴Vulnerability Details

GHSA

GHSA-pvvg-cg5r-2q8v: An issue was discovered in Exiv2 0↗2022-05-13

▶

OSV

CVE-2019-9143: An issue was discovered in Exiv2 0↗2019-02-25

▶

📋Vendor Advisories

Red Hat

exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service↗2019-02-21

▶

Debian

CVE-2019-9143: exiv2 - An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Ima...↗2019

▶

💬Community

Bugzilla

CVE-2019-9143 exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service [fedora-all]↗2019-03-01

▶

Bugzilla

CVE-2019-9143 exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service↗2019-03-01

▶