CVE-2024-25112

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published: Feb 12, 2024
Updated: Feb 13, 2024
CWE ID 400
CWE ID 674

Summary

CVE-2024-25112 is a denial-of-service vulnerability affecting Exiv2, a command-line utility and C++ library for reading and writing image metadata. Exiv2 v0.28.1 introduced the function `QuickTimeVideo::multipleEntriesDecoder`, which recurses without a depth bound (CWE-674, uncontrolled recursion). A specially crafted video file can drive this recursion until the stack is exhausted, crashing Exiv2 (CWE-400, uncontrolled resource consumption). Versions of Exiv2 prior to v0.28.0 are not impacted. There are no known workarounds; users are advised to upgrade to v0.28.2, which fixes the issue.
