CVE-2019-13114
exiv2: null-pointer dereference in http.c causing denial of service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
En el archivo http.c en Exiv2 hasta la versión 0.27.1, permite a un servidor http malicioso causar una denegación de servicio (bloqueo debido a una desreferencia del puntero NULL) mediante el retorno de una respuesta creada que carece de un carácter espacio.
It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-06-30 CVE Reserved
- 2019-06-30 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html | Mailing List |
|
| https://support.f5.com/csp/article/K45429077?utm_source=f5support&%3Butm_medium=RSS |
| URL | Date | SRC |
|---|---|---|
| https://github.com/Exiv2/exiv2/issues/793 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/Exiv2/exiv2/pull/815 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Exiv2 Search vendor "Exiv2" | Exiv2 Search vendor "Exiv2" for product "Exiv2" | <= 0.27.1 Search vendor "Exiv2" for product "Exiv2" and version " <= 0.27.1" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||