CVE-2022-24614

Exploit

EPSS 0.28%
Veröffentlicht 24.02.2022 15:15:29
Zuletzt bearbeitet 12.09.2025 19:46:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Metadata-extractor Project ≫ Metadata-extractor Version < 2.18.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.509

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/drewnoakes/metadata-extractor/issues/561

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-24614

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-24614

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-24614

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-24614