Multiple vulnerabilities in Exiv2



Published: 2019-08-19
Risk: Low
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2019-14982, CVE-2019-13114, CVE-2019-13113, CVE-2019-13112, CVE-2019-13111, CVE-2019-13110, CVE-2019-13109, CVE-2019-13108
CWE-ID: CWE-190, CWE-476, CWE-617, CWE-399
Exploitation vector: Network
Public exploit:
Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #6 is available.
Vulnerable software
Exiv2
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU20304

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-14982

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in the WebPImage::getHeaderOffset() function in webpimage.cpp. A remote attacker can pass a specially crafted file to the affected application, trigger an integer overflow and crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Exiv2: 0.23 - 0.27.1

External links

http://github.com/Exiv2/exiv2/compare/v0.27.2-RC2...v0.27.2
http://github.com/Exiv2/exiv2/issues/960
http://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) NULL pointer dereference

EUVDB-ID: #VU20309

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-13114

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when parsing HTTP responses without a space character. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Exiv2: 0.23 - 0.27.1

External links

http://github.com/Exiv2/exiv2/issues/793
http://github.com/Exiv2/exiv2/pull/815
http://usn.ubuntu.com/4056-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Reachable Assertion

EUVDB-ID: #VU20308

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-13113

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion that can be triggered via an invalid data location in a CRW image file. A remote attacker can cause a denial of service (crash due to assertion failure).

Mitigation

Install update from vendor's website.

Vulnerable software versions

Exiv2: 0.23 - 0.27.1

External links

http://github.com/Exiv2/exiv2/issues/841
http://github.com/Exiv2/exiv2/pull/842
http://usn.ubuntu.com/4056-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Resource management error

EUVDB-ID: #VU20307

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-13112

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory allocation error in the PngChunk::parseChunkContent() function. A remote attacker can create a specially crafted PNG image, pass it to the application and perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Exiv2: 0.23 - 0.27.1

External links

http://github.com/Exiv2/exiv2/issues/845
http://github.com/Exiv2/exiv2/pull/846
http://usn.ubuntu.com/4056-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Integer overflow

EUVDB-ID: #VU20306

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-13111

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in the WebPImage::decodeChunks() function. A remote attacker can create a specially crafted WEBP image, pass it to the application, trigger an integer overflow and crash the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Exiv2: 0.23 - 0.27.1

External links

http://github.com/Exiv2/exiv2/issues/791
http://github.com/Exiv2/exiv2/pull/797
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Integer overflow

EUVDB-ID: #VU20305

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-13110

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in the CiffDirectory::readDirectory() function. A remote attacker can create a specially crafted CRW image, pass it to the application, trigger an integer overflow and crash the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Exiv2: 0.23 - 0.27.1

External links

http://github.com/Exiv2/exiv2/issues/843
http://github.com/Exiv2/exiv2/pull/844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Integer overflow

EUVDB-ID: #VU19510

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13109

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in Exiv2 through 0.27.1 due to an integer overflow: PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction. A remote attacker can create a crafted PNG image file, trigger an integer overflow and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Exiv2: 0.27 - 0.27.1

External links

http://github.com/Exiv2/exiv2/issues/790
http://github.com/Exiv2/exiv2/pull/795


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

EUVDB-ID: #VU19509

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13108

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in Exiv2 through 0.27.1 due to an integer overflow: PngImage::readMetadata mishandles a zero value for iccOffset. A remote attacker can create a crafted PNG image file, trigger an integer overflow and perform a denial of service (DoS) attack.
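
The failure class behind vulnerabilities 7 and 8, shown as an added example that is not Exiv2 source code: an unsigned `chunkLength - iccOffset` wraps when the offset is out of range, and a checked locator rejects such input before subtracting. The function and struct names are hypothetical, the iCCP field layout is taken from the PNG specification, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Illustrative sketch, NOT Exiv2 code. chunkLength/iccOffset reuse the
// advisory's names; the functions and the struct are hypothetical.
struct IccSpan {
    std::size_t offset;  // where the compressed profile starts in the chunk
    std::size_t length;  // how many bytes of compressed profile follow
};

// Unchecked form: unsigned arithmetic wraps instead of going negative, so an
// offset past the end of the chunk yields a length close to 2^32.
std::uint32_t unchecked_remaining(std::uint32_t chunkLength, std::uint32_t iccOffset) {
    return chunkLength - iccOffset;
}

// Checked form for an iCCP payload (PNG spec layout: 1-79 byte profile name,
// NUL, one compression-method byte, then the compressed profile).
bool locate_icc_profile(const std::vector<std::uint8_t>& chunk, IccSpan& out) {
    const std::size_t chunkLength = chunk.size();
    std::size_t iccOffset = 0;
    while (iccOffset < chunkLength && iccOffset < 79 && chunk[iccOffset] != 0) {
        ++iccOffset;  // walk the profile name
    }
    if (iccOffset == 0) return false;  // empty chunk or empty name
    if (iccOffset >= chunkLength || chunk[iccOffset] != 0) return false;  // name not terminated
    ++iccOffset;  // skip the NUL
    if (iccOffset >= chunkLength || chunk[iccOffset] != 0) return false;  // method byte missing or not 0
    ++iccOffset;  // skip the method byte
    // Invariant established above: iccOffset <= chunkLength, so no wrap.
    out.offset = iccOffset;
    out.length = chunkLength - iccOffset;
    return true;
}

int main() {
    // Constructed sample payloads, not taken from any real file.
    const std::vector<std::uint8_t> good = {'s', 'R', 'G', 'B', 0, 0, 0x78, 0x9c};
    const std::vector<std::uint8_t> truncated = {'s', 'R', 'G', 'B'};
    IccSpan span = {0, 0};
    const bool ok = locate_icc_profile(good, span);
    std::printf("good: ok=%d offset=%zu length=%zu\n", ok, span.offset, span.length);
    std::printf("truncated: ok=%d\n", locate_icc_profile(truncated, span));
    std::printf("unchecked 4 - 6 = %u\n", (unsigned)unchecked_remaining(4, 6));
    return 0;
}
```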

Mitigation

Install update from vendor's website.

Vulnerable software versions

Exiv2: 0.27 - 0.27.1

External links

http://github.com/Exiv2/exiv2/issues/789
http://github.com/Exiv2/exiv2/pull/794


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


