Exiv2 is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.

Exiv2 0.27.2 and prior are vulnerable; other versions may also be affected.


Bugtraq ID: 109117

Class: Boundary Condition Error

CVE: CVE-2019-13504

Remote: Yes

Local: No

Published: Jul 10 2019 12:00AM

Updated: Jul 10 2019 12:00AM

Credit: Yevgeny

Vulnerable: Exiv2 Exiv2 0.27.2
Exiv2 Exiv2 0.27
Exiv2 Exiv2 0.26
Exiv2 Exiv2 0.24

Not Vulnerable:


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.