
THREATINT
PUBLISHED

CVE-2024-39695

Exiv2 has an out-of-bounds read in AsfVideo::streamProperties



Description

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.

Reserved 2024-06-27 | Published 2024-07-08 | Updated 2024-08-02 | Assigner GitHub_M


MEDIUM: 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-125: Out-of-bounds Read

Product status

>= 0.28.0, < 0.28.3
affected

References

github.com/.../exiv2/security/advisories/GHSA-38rv-8x93-pvrh

github.com/Exiv2/exiv2/pull/3006

github.com/...ommit/3a28346db5ae1735a8728fe3491b0aecc1dbf387

cve.org (CVE-2024-39695)

nvd.nist.gov (CVE-2024-39695)
