Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-13504 PoC — Exiv2 缓冲区错误漏洞

Source
https://github.com/5l1v3r1/fuzzenv-exiv2
Associated Vulnerability
Title:Exiv2 缓冲区错误漏洞 (CVE-2019-13504)
Description:Exiv2是Andreas Huggel程序员的一套用于管理图像元数据的C++库和命令行应用程序。该产品提供了读取和写入EXIF、IPTC和XMP等多种格式图像元数据的功能。 Exiv2 0.27.2及之前版本中的mrwimage.cpp文件的‘readMetadata’函数存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
Description
https://fuzzit.dev/2019/07/11/discovering-cve-2019-13504-cve-2019-13503-and-the-importance-of-api-fuzzing/
Readme
# fuzzenv-exiv2
File Snapshot

 [4.0K]  /data/pocs/cdce6b07acaf121a92ce66dd4d0c362fcbf92d64
├── [  49]  build.sh
├── [ 229]  clean.sh
├── [1.3K]  Dockerfile
├── [  15]  README.md
└── [  51]  shell.sh

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.