Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file.

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.