Exiv2 CVE-2019-13504 Remote Denial of Service Vulnerability

Exiv2 is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.

Exiv2 0.27.2 and prior are vulnerable; other versions may also be affected.

Information

Bugtraq ID: 109117
Class: Boundary Condition Error
CVE: CVE-2019-13504

Remote: Yes
Local: No
Published: Jul 10 2019 12:00AM
Updated: Jul 10 2019 12:00AM
Credit: Yevgeny
Vulnerable: Exiv2 Exiv2 0.27.2
Exiv2 Exiv2 0.27
Exiv2 Exiv2 0.26
Exiv2 Exiv2 0.24

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

Add libFuzzer integration + report bug #943 (Exiv2/exiv2)
Exiv2 Homepage (exiv2)

Source: www.securityfocus.com

Exploit Collector

Search Exploit