Vulnerability Description
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Exiv2 | Exiv2 | 0.27.2 |
| Canonical | Ubuntu Linux | 16.04 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8 (Patch, Third Party Advisory)
- https://github.com/Exiv2/exiv2/issues/1011 (Exploit, Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html (Mailing List, Third Party Advisory)
- https://usn.ubuntu.com/4270-1/ (Third Party Advisory)
- https://www.debian.org/security/2021/dsa-4958 (Third Party Advisory)
FAQ
What is CVE-2019-20421?
CVE-2019-20421 is a vulnerability with a CVSS score of 7.5 (HIGH). In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cau...
How severe is CVE-2019-20421?
CVE-2019-20421 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-20421?
Check the references section above for vendor advisories and patch information. Affected products include: Exiv2 Exiv2, Canonical Ubuntu Linux, Debian Debian Linux.