Exiv2 0.28.0 Image Metadata brotliUncompress out-of-bounds write
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.4 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as critical has been found in Exiv2 0.28.0. It affects the function BmffImage::brotliUncompress of the component Image Metadata Handler. Manipulation of the input leads to an out-of-bounds write.
This vulnerability is uniquely identified as CVE-2023-44398. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.
Details
A vulnerability was found in Exiv2 0.28.0 (Image Processing Software) and classified as critical. It affects the function BmffImage::brotliUncompress of the component Image Metadata Handler. Manipulation with an unknown input leads to an out-of-bounds write. The CWE classification of the problem is CWE-787: the product writes data past the end, or before the beginning, of the intended buffer. Confidentiality, integrity, and availability are impacted. CVE summarizes:
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
The weakness was disclosed 11/06/2023. The advisory is available at github.com. This vulnerability is handled as CVE-2023-44398 since 09/28/2023. Successful exploitation requires user interaction by the victim. Technical details are known, but there is no available exploit.
Upgrading to version 0.28.1 eliminates this vulnerability.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Website
- Product: https://github.com/Exiv2/exiv2/
CVSSv3
VulDB Meta Base Score: 7.6
VulDB Meta Temp Score: 7.4
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
CNA Base Score (GitHub, Inc.): 8.8
Exploiting
Class: Out-of-bounds write
CWE: CWE-787 / CWE-119
Physical: No
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: Exiv2 0.28.1
Patch: github.com
Timeline
09/28/2023
11/06/2023
11/06/2023
12/02/2023
Sources
Product: github.com
Advisory: e884a0955359107f4031c74a07406df7e99929a5
Status: Confirmed
CVE: CVE-2023-44398
GCVE (CVE): GCVE-0-2023-44398
GCVE (VulDB): GCVE-100-244562
Entry
Created: 11/06/2023 19:09
Updated: 12/02/2023 15:01
Changes: 11/06/2023 19:09 (50), 12/02/2023 14:57 (2), 12/02/2023 15:01 (1)