vulnerability
FreeBSD: VID-3E44C35F-6CF4-11EF-B813-4CCC6ADDA413 (CVE-2024-39695): exiv2 -- Out-of-bounds read in AsfVideo::streamProperties
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:N/A:P) | Apr 21, 2024 | Sep 8, 2024 | Jan 28, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:P)
Published
Apr 21, 2024
Added
Sep 8, 2024
Modified
Jan 28, 2025
Description
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
Solution
freebsd-upgrade-package-exiv2
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.