CVE-2019-9144 — Uncontrolled Recursion in Exiv2

CWE-674 — Uncontrolled Recursion CWE-835 — Infinite Loop7 documents6 sources

Severity

8.8HIGHNVD

EPSS

1.2%

top 20.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2

Timeline

PublishedFeb 25

Latest updateMay 13

Description

An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/exiv2< exiv2 0.27.2-8 (bookworm)

▶Debianexiv2/exiv2< 0.27.2-8+3

▶NVDexiv2/exiv20.27

🔴Vulnerability Details

GHSA

GHSA-h536-vfr2-h6pw: An issue was discovered in Exiv2 0↗2022-05-13

▶

OSV

CVE-2019-9144: An issue was discovered in Exiv2 0↗2019-02-25

▶

📋Vendor Advisories

Red Hat

exiv2: infinite recursion in BigTiffImage::printIFD in bigtiffimage.cpp causing denial of service↗2019-02-21

▶

Debian

CVE-2019-9144: exiv2 - An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffIma...↗2019

▶

💬Community

Bugzilla

CVE-2019-9144 exiv2: infinite recursion in BigTiffImage::printIFD in bigtiffimage.cpp causing denial of service [fedora-all]↗2019-02-26

▶

Bugzilla

CVE-2019-9144 exiv2: infinite recursion in BigTiffImage::printIFD in bigtiffimage.cpp causing denial of service↗2019-02-26

▶