Description
When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.
Remediation
References
https://github.com/drewnoakes/metadata-extractor/issues/561
Related Vulnerabilities
CVE-2021-3666 Vulnerability in npm package body-parser-xml
CVE-2020-23849 Vulnerability in npm package jsoneditor
CVE-2017-12617 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2021-21422 Vulnerability in npm package mongo-express
CVE-2022-25894 Vulnerability in maven package com.bstek.uflo:uflo-core