Description
metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.
Remediation
References
https://github.com/drewnoakes/metadata-extractor/issues/561
Related Vulnerabilities
CVE-2014-125087 Vulnerability in maven package com.jamesmurty.utils:java-xmlbuilder
CVE-2021-23341 Vulnerability in maven package org.webjars.npm:prismjs
CVE-2018-3747 Vulnerability in npm package public
CVE-2020-28480 Vulnerability in maven package org.webjars.bower:jointjs
CVE-2020-7760 Vulnerability in maven package org.webjars.bower:codemirror