
DEBIAN-CVE-2022-24614

PUBLISHED · CVSS 5.5 MEDIUM

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory, which eventually leads to an out-of-memory error even for very small inputs. This could be used to mount a denial-of-service attack against services that use the metadata-extractor library.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | libmetadata-extractor-java | 2.11.0-1, 0, 2.11.0-1 |
| Debian:11 | libmetadata-extractor-java | 0, 0, 2.11.0-1 |
| Debian:14 | libmetadata-extractor-java | 2.11.0-1, 0, 2.11.0-1 |
| Debian:12 | libmetadata-extractor-java | 0, 2.11.0-1, 0 |

Timeline

  • Feb 24, 2022 CVE Published
  • Apr 28, 2026 CVE Updated