How severe is CVE-2024-24826?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2024-24826?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2024-24826 - MEDIUM Severity | CVSS 5

Vulnerability Description

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2016-7917

MEDIUM

CVSS:5.0(Medium)

The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain s...

CWE-1252016

CVE-2017-6437

MEDIUM

CVSS:5.0(Medium)

The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file.

CWE-1252017

CVE-2018-19020

MEDIUM

CVSS:5.0(Medium)

When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array.

CWE-1252018

CVE-2019-2039

MEDIUM

CVSS:5.0(Medium)

In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges need...

CWE-1252019

CVE-2019-2040

MEDIUM

CVSS:5.0(Medium)

In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privilege...

CWE-1252019

CVE-2019-9235

MEDIUM

CVSS:5.0(Medium)

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed...

CWE-1252019