CVE-2019-20421

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-20421

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20421.json

Related

Published

2020-01-27T05:15:10Z

Modified

2023-11-29T06:21:45.985446Z

Details

In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

References

Affected packages

Alpine:v3.11 / exiv2

Package

Name: exiv2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.27.2-r3

Affected versions

0.*

0.21-r0

0.21.1-r0

0.21.1-r1

0.22-r0

0.23-r0

0.24-r0

0.24-r1

0.25-r1

0.26-r1

0.27.2-r1

Git / github.com/Exiv2/exiv2

Affected ranges

Type: GIT
Repo: https://github.com/Exiv2/exiv2
Events: Introduced

0The exact introduced commit is unknown

Fixed

a82098f4f90cd86297131b5663c3dec6a34470e8

Affected versions

0.*

0.27

0.27-RC2

0.27-RC3

0.27.1

v0.*

v0.10

v0.11

v0.12

v0.13

v0.14

v0.15

v0.16

v0.16-pre1

v0.17

v0.17.1

v0.18

v0.18-pre1

v0.18-pre2

v0.18.1

v0.18.2

v0.19

v0.20

v0.21

v0.21.1

v0.22

v0.23

v0.23.1

v0.24

v0.25

v0.26

v0.27-RC1

v0.27.1-RC1

v0.27.2

v0.27.2-RC1

v0.27.2-RC2

v0.27.2-RC3

v0.3

v0.4

v0.5

v0.6

v0.6.1

v0.6.2

v0.7

v0.8

v0.9

v0.9.1