How severe is CVE-2024-25112?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2024-25112?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2024-25112 - MEDIUM Severity | CVSS 5

Vulnerability Description

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2022-47370

MEDIUM

CVSS:5.0(Medium)

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

CWE-4002022

CVE-2023-21090

MEDIUM

CVSS:5.0(Medium)

In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed....

CWE-4002023

CVE-2017-12076

MEDIUM

CVSS:4.9(Medium)

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources ...

CWE-4002017

CVE-2017-12077

MEDIUM

CVSS:4.9(Medium)

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resource...

CWE-4002017

CVE-2018-20699

MEDIUM

CVSS:4.9(Medium)

Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, p...

CWE-4002018

CVE-2019-13007

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletio...

CWE-4002019