CVE-2019-9143

EUVD-2019-0053
An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
exiv2exiv2
0.27
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
exiv2
bookworm
0.27.6-1
fixed
bullseye
0.27.3-3+deb11u2
fixed
bullseye (security)
0.27.3-3+deb11u1
fixed
buster
not-affected
jessie
not-affected
sid
0.28.3+dfsg-2
fixed
stretch
not-affected
trixie
0.28.3+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
exiv2
bionic
not-affected
cosmic
not-affected
trusty
dne
xenial
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/107161
https://github.com/Exiv2/exiv2/issues/711
https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/
http://www.securityfocus.com/bid/107161
https://github.com/Exiv2/exiv2/issues/711
https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/