CVE-2023-44398
Summary
An out-of-bounds write vulnerability (CVE-2023-44398) has been found in the Exiv2 C++ image-metadata library, in the Brotli decompression function that was introduced in version v0.28.0; releases before v0.28.0 do not contain this code and are not affected. Exiv2 parses untrusted files, so an attacker who gets a victim to process a specially crafted image (through an interactive viewer, or through any application that parses uploaded images automatically) can trigger the bug, potentially leading to arbitrary code execution with the privileges of the application that processed the file.
IFF Assessment
FOE
The vulnerability allows for potential code execution, posing a direct threat to systems and users.
Severity
8.8
High
Defender Context
Exiv2 is a widely used image-metadata library that is bundled with or dynamically linked into desktop photo applications, file managers, indexers and server-side image pipelines, so the relevant question is which applications embed the library, not only whether the `exiv2` command-line tool is installed. The bug is confined to the v0.28.0 release line: earlier releases lack the vulnerable Brotli decompression code, and v0.28.1 fixes it. Defenders should inventory where libexiv2 v0.28.0 is deployed and update it to v0.28.1 or later, and until then treat any application that processes images from untrusted sources as exposed. Because code execution would occur with the privileges of the parsing application, running image processing in a sandbox or under a low-privilege account limits the impact of a successful attack.
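As an added check that is not part of this advisory or of the Exiv2 project, the following POSIX shell script classifies an Exiv2 version string against the affected range stated above (only the 0.28.0 line is affected; 0.27.x and earlier predate the Brotli code, and 0.28.1 fixes it), then applies the same classification to the locally installed library. It assumes that `exiv2 --version` prints the version as the second word of its first line and that `pkg-config --modversion exiv2` is available when the development package is installed; both are assumptions about the tooling, not facts taken from the advisory.

```shell
#!/bin/sh
# Added example, not part of the advisory or of Exiv2: decide whether an
# Exiv2 version string falls in the range affected by CVE-2023-44398.
# Per the advisory, the vulnerable Brotli decompression code was introduced
# in v0.28.0 and fixed in v0.28.1, so exactly the 0.28.0 release line is
# affected; anything older or newer is not.

# is_affected VERSION
#   exit 0 -> affected, 1 -> not affected, 2 -> unparseable version string.
# Accepts forms such as "0.28.0", "v0.28.0", "0.28.0-rc1" (pre-release
# suffixes are ignored and treated as the base version) and "0.28".
is_affected() {
    v=$(printf '%s' "$1" | sed 's/^v//; s/[-+].*$//')
    # Reject anything that is not dotted digits (empty, stray characters,
    # leading/trailing/double dots) so the integer tests below cannot fail.
    case "$v" in
        *[!0-9.]*|""|.*|*.|*..*) return 2 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # No patch component at all (e.g. "0.28") means patch level 0.
    [ "$patch" = "$rest" ] && patch=0
    # Drop any fourth component ("0.28.0.1" is still the 0.28.0 line).
    patch=${patch%%.*}
    [ "$major" -eq 0 ] && [ "$minor" -eq 28 ] && [ "$patch" -eq 0 ] && return 0
    return 1
}

# classify_version VERSION -> prints affected | not-affected | unknown
classify_version() {
    rc=0
    is_affected "$1" || rc=$?
    case $rc in
        0) echo affected ;;
        1) echo not-affected ;;
        *) echo unknown ;;
    esac
}

# installed_exiv2_version -> prints the locally installed version, if any.
# Assumption (not from the advisory): `exiv2 --version` prints the version
# as the second word of its first line; pkg-config metadata is used as a
# fallback when only the development package is present.
installed_exiv2_version() {
    if command -v exiv2 >/dev/null 2>&1; then
        exiv2 --version 2>/dev/null | awk 'NR==1 {print $2}'
    elif command -v pkg-config >/dev/null 2>&1; then
        pkg-config --modversion exiv2 2>/dev/null || true
    fi
    return 0
}

ver=$(installed_exiv2_version)
if [ -n "$ver" ]; then
    printf 'installed exiv2 %s: %s\n' "$ver" "$(classify_version "$ver")"
else
    printf 'no exiv2 installation found; call classify_version with a version string\n'
fi
```

Note that the script only reports the version of one library copy; applications that bundle their own libexiv2 (static links, flatpaks, containers) need the same check run against each bundled copy.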