Description
When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.
Remediation
References
https://github.com/drewnoakes/metadata-extractor/issues/561
Related Vulnerabilities
CVE-2018-16484 Vulnerability in npm package m-server
CVE-2021-21627 Vulnerability in maven package org.jenkins-ci.plugins:libvirt-slave
CVE-2021-32854 Vulnerability in maven package org.webjars.npm:textangular
CVE-2022-2564 Vulnerability in maven package org.webjars.npm:mongoose
CVE-2022-28220 Vulnerability in maven package org.apache.james.protocols:protocols-netty