Impact
An out-of-bounds read was found in Exiv2 version v0.28.7. The vulnerability is in the CRW image parser. The bug is reproducible with our fuzz target, but we have not been able to reproduce it with the exiv2 command-line application.
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file.
Patches
The bug is fixed in version v0.28.8. It is fixed by #3462.
For more information
Please see our security policy for information about Exiv2 security.
Credit
This bug was found by OSS-Fuzz.