FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

exiv2 -- Out-of-bounds read in AsfVideo::streamProperties

Affected packages
0.28.0,1 <= exiv2 < 0.28.3,1

Details

VuXML ID: 3e44c35f-6cf4-11ef-b813-4ccc6adda413
Discovery: 2024-04-21
Entry: 2024-09-07

Kevin Backhouse reports:

An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0, so Exiv2 versions before v0.28 are not affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file.

References

CVE Name: CVE-2024-39695
URL: https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh