Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
Metrics
Affected Vendors & Products
References
History
Sat, 19 Oct 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-07-08T15:14:27.639Z
Updated: 2024-08-02T04:26:15.941Z
Reserved: 2024-06-27T18:44:13.037Z
Link: CVE-2024-39695
Vulnrichment
Updated: 2024-08-02T04:26:15.941Z
NVD
Status : Modified
Published: 2024-07-08T16:15:08.700
Modified: 2024-11-21T09:28:14.270
Link: CVE-2024-39695
Redhat