CVE-2019-20421
Summary
| CVE | CVE-2019-20421 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-01-27 05:15:00 UTC |
|---|
| Updated | 2021-09-14 12:46:00 UTC |
|---|
| Description | In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Fix #1011 fix_1011_jp2_readmetadata_loop (#1013) · Exiv2/exiv2@a82098f · GitHub |
MISC |
github.com |
Patch, Third Party Advisory |
| An infinite loop and hang in Exiv2::Jp2Image::readMetadata() · Issue #1011 · Exiv2/exiv2 · GitHub |
MISC |
github.com |
Exploit, Patch, Third Party Advisory |
| Debian -- Security Information -- DSA-4958-1 exiv2 |
DEBIAN |
www.debian.org |
|
| [SECURITY] [DLA 2750-1] exiv2 security update |
MLIST |
lists.debian.org |
|
| USN-4270-1: Exiv2 vulnerability | Ubuntu security notices | Ubuntu |
UBUNTU |
usn.ubuntu.com |
Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178761 Debian Security Update for exiv2 (DSA 4958-1)
- 178777 Debian Security Update for exiv2 (DLA 2750-1)
- 500895 Alpine Linux Security Update for exiv2
- 504729 Alpine Linux Security Update for exiv2
- 901387 Common Base Linux Mariner (CBL-Mariner) Security Update for exiv2 (7205)
- 902276 Common Base Linux Mariner (CBL-Mariner) Security Update for exiv2 (7205-1)
- 940399 AlmaLinux Security Update for exiv2 (ALSA-2020:1577)
- 960313 Rocky Linux Security Update for exiv2 (RLSA-2020:1577)
