CVE-2019-20421

Published: 27 January 2020

In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
exiv2
Launchpad, Ubuntu, Debian
Upstream
Released (0.27.2-8)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (0.25-3.1ubuntu0.18.04.5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.25-2.1ubuntu16.04.6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist