7.8

CVE-2019-20421

Exploit
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Exiv2Exiv2 Version0.27.2
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.3% 0.899
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8
Patch
Third Party Advisory
https://github.com/Exiv2/exiv2/issues/1011
Patch
Third Party Advisory
Exploit
https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4270-1/
Third Party Advisory
https://www.debian.org/security/2021/dsa-4958
Third Party Advisory