Improper Handling of Exceptional Conditions in com.drewnoakes:metadata-extractor

CVE-2022-24613

com.drewnoakes:metadata-extractor

Medium

5.5/10

Summary

metadata-extractor prior to 2.18.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-755 - Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

References

Advisory
Issue
Release Note

Advisory Timeline

Published Feb 24, 2022

Improper Handling of Exceptional Conditions in com.drewnoakes:metadata-extractor

CVE-2022-24613

Summary

CWE-755 - Improper Handling of Exceptional Conditions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS