Vulnerability Name:

CVE-2019-13110 (CCN-166141)

Assigned:2019-04-24
Published:2019-04-24
Updated:2023-02-02
Summary:
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2019-13110

Source: XF
Type: UNKNOWN
exiv2-cve201913110-dos(166141)

Source: CCN
Type: exiv2 GIT Repository
null pointer dereference in http.cpp #793

Source: CCN
Type: exiv2 GIT Repository
Integer overflow causes out-of-bounds read in CiffDirectory::readDirectory() #843

Source: cve@mitre.org
Type: Exploit, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:exiv2:exiv2:0.27.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:201913110
    V
    		CVE-2019-13110
    2023-06-22
    oval:org.opensuse.security:def:45595
    P
    		Security update for MozillaFirefox (Important) (in QA)
    2022-01-17
    oval:org.opensuse.security:def:24050
    P
    		Security update for libsndfile (Important)
    2022-01-05
    oval:org.opensuse.security:def:24001
    P
    		Security update for xen (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:45596
    P
    		Security update for MozillaFirefox, rust-cbindgen (Important)
    2021-10-18
    oval:org.opensuse.security:def:61649
    P
    		rsyslog-8.33.1-3.9.1 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:45905
    P
    		Security update for libcroco (Moderate)
    2021-09-16
    oval:org.opensuse.security:def:23966
    P
    		Security update for openssl-1_0_0 (Low)
    2021-09-09
    oval:org.opensuse.security:def:23666
    P
    		Security update for xen (Important)
    2021-09-06
    oval:org.opensuse.security:def:45190
    P
    		Security update for php53 (Important)
    2021-09-03
    oval:org.opensuse.security:def:47849
    P
    		perl-Config-IniFiles-2.82-3.12 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47211
    P
    		autofs-5.0.9-27.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47017
    P
    		libexif12-0.6.21-6.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:46983
    P
    		libHX28-3.18-1.18 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47140
    P
    		python-requests-2.8.1-6.11.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:46966
    P
    		hardlink-1.0-6.38 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:46899
    P
    		bash-4.3-78.39 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47435
    P
    		libxml2-2-2.9.4-45.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47109
    P
    		opensc-0.13.0-1.107 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47384
    P
    		libnm-glib-vpn1-1.0.12-12.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47045
    P
    		liblua5_2-32bit-5.2.2-4.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47903
    P
    		tcpdump-4.9.2-14.5.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:63513
    P
    		python2-keystoneclient-3.17.0-4.3.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:62168
    P
    		liblcms2-2-2.9-3.3.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62183
    P
    		libnewt0_52-0.52.20-5.35 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62365
    P
    		zsh-5.6-5.17 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62734
    P
    		bluez-devel-5.55-1.57 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:63000
    P
    		cross-nvptx-gcc7-7.5.0+r278197-4.25.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62192
    P
    		libpainter0-0.9.13.1-4.9.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62169
    P
    		libldap-2_4-2-2.4.46-9.51.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62838
    P
    		yaml-cpp-devel-0.6.1-4.2.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62828
    P
    		rtkit-0.11+git.20130926-1.34 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:46534
    P
    		mailman-2.1.17-1.18 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46447
    P
    		kernel-default-3.12.28-4.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46681
    P
    		ipsec-tools-0.8.0-11.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61184
    P
    		hardlink-1.0+git.e66999f-1.25 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46454
    P
    		libXRes1-1.0.7-3.53 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46652
    P
    		evince-3.10.3-1.213 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46593
    P
    		wireshark-1.10.9-1.11 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:62866
    P
    		openldap2-devel-32bit-2.4.46-7.10 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61183
    P
    		gzip-1.9-2.21 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46685
    P
    		java-1_7_1-ibm-1.7.1_sr3.10-14.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61376
    P
    		update-alternatives-1.19.0.4-2.48 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46538
    P
    		ntp-4.2.6p5-24.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46746
    P
    		libmms0-0.6.2-15.8 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61207
    P
    		libXfixes-devel-5.0.3-1.24 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:23910
    P
    		Security update for libwebp (Critical)
    2021-06-02
    oval:org.opensuse.security:def:23901
    P
    		Security update for graphviz (Critical)
    2021-05-19
    oval:org.opensuse.security:def:46315
    P
    		Security update for xen (Important)
    2021-04-19
    oval:org.opensuse.security:def:23548
    P
    		Security update for xorg-x11-server (Important)
    2021-04-14
    oval:org.opensuse.security:def:23739
    P
    		Security update for python (Important)
    2021-02-11
    oval:org.opensuse.security:def:23492
    P
    		Security update for openssl (Important)
    2020-12-11
    oval:org.opensuse.security:def:23483
    P
    		Security update for mutt (Important)
    2020-12-07
    oval:org.opensuse.security:def:61973
    P
    		rsync-3.1.3-4.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63190
    P
    		xen-4.10.1_04-1.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62917
    P
    		perl-DNS-LDNS-1.7.0-2.22 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:61843
    P
    		libmp3lame0-3.100-1.33 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62972
    P
    		perl-Archive-Extract-0.80-1.24 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62967
    P
    		ncurses-devel-32bit-6.1-5.6.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62632
    P
    		gdk-pixbuf-query-loaders-32bit-2.40.0-1.25 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62502
    P
    		NetworkManager-1.10.6-5.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62640
    P
    		gstreamer-plugins-base-devel-1.16.2-2.12 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63645
    P
    		xorg-x11-server-wayland-1.20.3-20.11 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:18288
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:24157
    P
    		Security update for libX11 (Important)
    2020-12-01
    oval:org.opensuse.security:def:46036
    P
    		Security update for ruby2.1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:24141
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:25735
    P
    		Security update for exiv2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46234
    P
    		Security update for mailman (Important)
    2020-12-01
    oval:org.opensuse.security:def:18539
    P
    		Security update for polkit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19181
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24631
    P
    		Security update for kernel-source (Important)
    2020-12-01
    oval:org.opensuse.security:def:24597
    P
    		Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:18243
    P
    		Security update for java-1_8_0-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63847
    P
    		Security update for strongswan (Important)
    2020-12-01
    oval:org.opensuse.security:def:19442
    P
    		Security update for exiv2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24084
    P
    		Security update for ceph (Important)
    2020-12-01
    oval:org.opensuse.security:def:45829
    P
    		Security update for libX11 (Important)
    2020-12-01
    oval:org.opensuse.security:def:24129
    P
    		Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:25700
    P
    		Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:45721
    P
    		Security update for openwsman (Important)
    2020-12-01
    oval:org.opensuse.security:def:46175
    P
    		Security update for java-1_8_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:18501
    P
    		Security update for git (Important)
    2020-12-01
    oval:org.opensuse.security:def:24468
    P
    		Security update for glib2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:18543
    P
    		Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24575
    P
    		Security update for libxml2 (Low)
    2020-12-01
    oval:org.opensuse.security:def:24559
    P
    		Security update for libssh2_org (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45178
    P
    		Security update for dnsmasq (Important)
    2020-12-01
    oval:org.opensuse.security:def:18186
    P
    		Security update for libxml2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:23858
    P
    		Security update for python-PyYAML (Important)
    2020-12-01
    oval:org.opensuse.security:def:63749
    P
    		Security update for bzip2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:19416
    P
    		Security update for sudo (Important)
    2020-12-01
    oval:org.opensuse.security:def:45695
    P
    		Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:25062
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:45608
    P
    		Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:18452
    P
    		Security update for MozillaFirefox, mozilla-nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:64027
    P
    		Security update for exiv2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18467
    P
    		Security update for poppler (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24419
    P
    		Security update for freeradius-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:18521
    P
    		Security update for rubygem-yard (Important)
    2020-12-01
    oval:org.opensuse.security:def:24849
    P
    		Security update for exiv2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45989
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:24494
    P
    		Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:46247
    P
    		Security update for freeradius-server (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24547
    P
    		Security update for sysstat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18059
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:46123
    P
    		Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18101
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:23788
    P
    		Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:24917
    P
    		Security update for jakarta-commons-fileupload (Important)
    2020-12-01
    oval:org.opensuse.security:def:18778
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:45611
    P
    		Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:25018
    P
    		Security update for java-1_8_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:18420
    P
    		Security update for java-1_8_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:63942
    P
    		Security update for krb5-appl (Important)
    2020-12-01
    oval:org.opensuse.security:def:24295
    P
    		Security update for util-linux (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18409
    P
    		Security update for libsoup (Important)
    2020-12-01
    oval:org.opensuse.security:def:24276
    P
    		Security update for libxslt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18509
    P
    		Security update for bluez (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24817
    P
    		Security update for openssl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24368
    P
    		Security update for audiofile (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46113
    P
    		Security update for sane-backends (Important)
    2020-12-01
    oval:org.opensuse.security:def:46328
    P
    		Security update for LibVNCServer (Important)
    2020-12-01
    oval:org.opensuse.security:def:46003
    P
    		Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:18684
    P
    		Security update for zziplib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18067
    P
    		Security update for libgme (Important)
    2020-12-01
    oval:org.opensuse.security:def:24864
    P
    		Security update for wireshark (Important)
    2020-12-01
    oval:org.opensuse.security:def:18754
    P
    		Security update for bash (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25267
    P
    		Security update for exiv2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45487
    P
    		Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25004
    P
    		Security update for openjpeg2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18280
    P
    		Security update for libtirpc (Important)
    2020-12-01
    oval:org.opensuse.security:def:18310
    P
    		Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63992
    P
    		Security update for sudo (Important)
    2020-12-01
    oval:org.opensuse.security:def:18323
    P
    		Recommended update for apache2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24206
    P
    		Security update for sane-backends (Important)
    2020-12-01
    oval:org.opensuse.security:def:46116
    P
    		Security update for java-1_8_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:24179
    P
    		Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:24305
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:46029
    P
    		Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:46263
    P
    		Security update for git (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45990
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:18651
    P
    		Security update for ghostscript (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19207
    P
    		Security update for exiv2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45177
    P
    		Security update for libvirt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24714
    P
    		Security update for libX11 (Important)
    2020-12-01
    oval:org.opensuse.security:def:18742
    P
    		Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25235
    P
    		Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:45303
    P
    		Security update for procps (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18274
    P
    		Security update for Botan (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63887
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:126164
    P
    		Security update for exiv2 (Moderate)
    2020-04-03
    oval:org.opensuse.security:def:126581
    P
    		Security update for exiv2 (Moderate)
    2020-04-03
    oval:org.opensuse.security:def:87344
    P
    		Security update for exiv2 (Moderate)
    2020-04-03
    oval:org.opensuse.security:def:89005
    P
    		Security update for exiv2 (Moderate)
    2020-04-03
    oval:com.ubuntu.bionic:def:2019131100000000
    V
    		CVE-2019-13110 on Ubuntu 18.04 LTS (bionic) - medium.
    2019-06-30
    oval:com.ubuntu.cosmic:def:2019131100000000
    V
    		CVE-2019-13110 on Ubuntu 18.10 (cosmic) - medium.
    2019-06-30
    oval:com.ubuntu.xenial:def:2019131100000000
    V
    		CVE-2019-13110 on Ubuntu 16.04 LTS (xenial) - medium.
    2019-06-30
    oval:com.ubuntu.disco:def:2019131100000000
    V
    		CVE-2019-13110 on Ubuntu 19.04 (disco) - medium.
    2019-06-30
    BACK
    exiv2 exiv2 0.27.1