CVE-2019-13655

{"id": "CVE-2019-13655", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-07-29T19:15:12.403", "references": [{"url": "https://obsidianterminal.blogspot.com/2019/07/dos-in-imgix-cdns-image-processing.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://obsidianterminal.blogspot.com/2019/07/dos-in-imgix-cdns-image-processing.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory."}, {"lang": "es", "value": "Imgix hasta el 19-06-2019, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (consumo de recursos) mediante la manipulaci\u00f3n de un peque\u00f1o archivo JPEG para especificar dimensiones de 64250x64250 p\u00edxeles, que es manejado inapropiadamente durante un intento para cargar la \"whole image\" en la memoria."}], "lastModified": "2024-11-21T04:25:26.993", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imgix:imgix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB859A2F-5FB8-4856-ACC1-0867420321DF", "versionEndIncluding": "2019-06-19"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}