{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-17402", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-05T01:40:15.736Z", "dateReserved": "2019-10-09T00:00:00", "datePublished": "2019-10-09T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-01-10T00:00:00"}, "descriptions": [{"lang": "en", "value": "Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Exiv2/exiv2/issues/1019"}, {"name": "USN-4159-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4159-1/"}, {"name": "[debian-lts-announce] 20191202 [SECURITY] [DLA 2019-1] exiv2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00001.html"}, {"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:15.736Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/Exiv2/exiv2/issues/1019", "tags": ["x_transferred"]}, {"name": "USN-4159-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4159-1/"}, {"name": "[debian-lts-announce] 20191202 [SECURITY] [DLA 2019-1] exiv2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00001.html"}, {"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exiv2:exiv2:0.27.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E9A8822-0F6F-4561-81B3-38235F52116E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size."}, {"lang": "es", "value": "Exiv2 versi\u00f3n 0.27.2, permite a atacantes activar un bloqueo en la funci\u00f3n Exiv2::getULong en el archivo types.cpp cuando es llamada desde la funci\u00f3n Exiv2::Internal::CiffDirectory::readDirectory en el archivo crwimage_int.cpp, porque no existe comprobaci\u00f3n de la relaci\u00f3n del tama\u00f1o total con el desplazamiento y el tama\u00f1o."}], "id": "CVE-2019-17402", "lastModified": "2023-01-13T16:19:37.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-09T19:15:14.337", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Exiv2/exiv2/issues/1019"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4159-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4030", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "exiv2-0:0.27.0-3.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2021:1758", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "exiv2-0:0.27.3-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}], "bugzilla": {"description": "exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size check", "id": "1773683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1773683"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-125", "details": ["Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.", "An out of bounds read vulnerability was discovered in the way exiv2 parses Canon raw format (CRW) images. An application that uses exiv2 library to parse untrusted images may be vulnerable to this flaw, which could be used by an attacker to extract data from the application's memory or make it crash. The biggest threat with this vulnerability is availability of the system."], "name": "CVE-2019-17402", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-exiv2-023", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-exiv2-026", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "compat-exiv2-026", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2019-10-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-17402\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17402"], "threat_severity": "Low", "upstream_fix": "exiv2 0.27.3"}