Vulnerability Description
An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Exiv2 | Exiv2 | 0.27 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107161Third Party AdvisoryVDB Entry
- https://github.com/Exiv2/exiv2/issues/712ExploitThird Party Advisory
- https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymouExploitThird Party Advisory
- http://www.securityfocus.com/bid/107161Third Party AdvisoryVDB Entry
- https://github.com/Exiv2/exiv2/issues/712ExploitThird Party Advisory
- https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymouExploitThird Party Advisory
FAQ
What is CVE-2019-9144?
CVE-2019-9144 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denia...
How severe is CVE-2019-9144?
CVE-2019-9144 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-9144?
Check the references section above for vendor advisories and patch information. Affected products include: Exiv2 Exiv2.