THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-39695

Exiv2 has an out-of-bounds read in AsfVideo::streamProperties

AssignerGitHub_M
Reserved2024-06-27
Published2024-07-08
Updated2024-07-08

Description

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.



MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-125: Out-of-bounds Read

Product status

>= 0.28.0, < 0.28.3
affected

References

https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh

https://github.com/Exiv2/exiv2/pull/3006

https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387

cve.org CVE-2024-39695

nvd.nist.gov CVE-2024-39695

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-39695
© Copyright 2024 THREATINT. Made in Cyprus with +