Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Infinite loop in parsing PNG files in
Vulnerability Description
kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version 0.5.3. No workaround is available. Applications that do not pass files with the PNG signature to Reader::read_from_container are not affected.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Kamadak Exif-rs 资源管理错误漏洞
Vulnerability Description
Kamadak Exif-rs是Kamadak个人开发者的一个基于Rust的用于分析Exif数据的解析库。该软件支持从 TIFF、RAW、JPEG、HEIF、HEIC、AVIF、PNG、WebP等格式中读取Exif数据。 kamadak-exif version 0.5.2 存在安全漏洞,该漏洞源于在解析精心制作的PNG文件时存在一个无限循环。
CVSS Information
N/A
Vulnerability Type
N/A