Lucene search
Veracode Vulnerability DatabaseVERACODE:7489HistorySep 17, 2018 - 1:59 a.m.
Denial Of Service (DoS)
2018-09-1701:59:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
EPSS
0.009
Percentile
83.2%
libexiv2.so is vulnerable to denial of service. The Exiv2::IptcData::printStructure function in iptc.cpp related to the != 0x1c case, is affected with a heap-based over-read which would allow a remote attacker to cause a denial of service condition via a crafted TIFF file.
References
access.redhat.com/errata/RHSA-2019:2101
bugzilla.redhat.com/show_bug.cgi?id=1524107
github.com/Exiv2/exiv2/commit/ae0bfa44dfeb79dbf3431f49512305a9ef145eab
github.com/Exiv2/exiv2/issues/210
github.com/Exiv2/exiv2/issues/263
github.com/Exiv2/exiv2/pull/180
github.com/xiaoqx/pocs/blob/master/exiv2/readme.md
security.gentoo.org/glsa/201811-14
Related
redhatcve
redhatcve
ubuntucve
ubuntucve
CVE-2017-17724
2018-02-12 00:00:00
prion
prion
Heap overflow
2018-02-12 22:29:00
nvd
nvd
osv
osv
CVE-2017-17724
2018-02-12 22:29:00
cve
cve
debiancve
debiancve
CVE-2017-17724
2018-02-12 22:29:00
cvelist
cvelist
CVE-2017-17724
2018-02-12 22:00:00
nessus
nessus
Fedora 28 : exiv2 (2018-8b67a5c7e2)
2019-01-03 00:00:00
GLSA-201811-14 : Exiv2: Multiple vulnerabilities
2018-11-26 00:00:00
gentoo
gentoo
Exiv2: Multiple vulnerabilities
2018-11-24 00:00:00
openvas
openvas
CentOS Update for exiv2 CESA-2019:2101 centos7
2019-09-19 00:00:00
oraclelinux
oraclelinux
exiv2 security, bug fix, and enhancement update
2019-08-13 00:00:00
amazon
amazon
Low: exiv2
2019-10-21 18:01:00
centos
centos
exiv2 security update
2019-09-18 20:54:21
redhat
redhat
(RHSA-2019:2101) Low: exiv2 security, bug fix, and enhancement update
2019-08-06 08:00:57