Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2
Vulnerability Description
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
跨界内存读
Vulnerability Title
Exiv2 缓冲区错误漏洞
Vulnerability Description
Exiv2是Andreas Huggel个人开发者的一套用于管理图像元数据的C++库和命令行应用程序。该产品提供了读取和写入EXIF、IPTC和XMP等多种格式图像元数据的功能。 Exiv2 v0.28.1版本,0.28.0版本存在缓冲区错误漏洞,该漏洞源于函数QuickTimeVideo::NikonTagsDecoder存在越界读取漏洞。
CVSS Information
N/A
Vulnerability Type
N/A