Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
History

Sat, 19 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-08T15:14:27.639Z

Updated: 2024-08-02T04:26:15.941Z

Reserved: 2024-06-27T18:44:13.037Z

Link: CVE-2024-39695

cve-icon Vulnrichment

Updated: 2024-08-02T04:26:15.941Z

cve-icon NVD

Status : Modified

Published: 2024-07-08T16:15:08.700

Modified: 2024-11-21T09:28:14.270

Link: CVE-2024-39695

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-08T00:00:00Z

Links: CVE-2024-39695 - Bugzilla