Bug 2058765 (CVE-2022-24613) - CVE-2022-24613 metadata-extractor: Various uncaught exceptions while parsing a specially crafted JPEG file
Summary: CVE-2022-24613 metadata-extractor: Various uncaught exceptions while parsing ...
Keywords:
Status: NEW
Alias: CVE-2022-24613
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2068598
Blocks: 2058768
TreeView+ depends on / blocked
 
Reported: 2022-02-25 19:43 UTC by Pedro Sampaio
Modified: 2024-02-01 03:42 UTC (History)
24 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Pedro Sampaio 2022-02-25 19:43:13 UTC
metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.

Upstream bug:

https://github.com/drewnoakes/metadata-extractor/issues/561

Comment 1 Patrick Del Bello 2022-03-25 18:41:23 UTC
Created metadata-extractor2 tracking bugs for this issue:

Affects: epel-7 [bug 2068598]


Note You need to log in before you can comment on or make changes to this bug.