CVE-2008-2696 — Exiv2 vulnerability

CWE-1897 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

1.8%

top 17.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2

Timeline

PublishedJun 13

Latest updateMay 1

Description

Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/exiv2< exiv2 0.17-1 (bookworm)

▶Debianexiv2/exiv2< 0.17-1+3

▶NVDexiv2/exiv20.16

🔴Vulnerability Details

GHSA

GHSA-rcfw-ggjf-vmfj: Exiv2 0↗2022-05-01

▶

OSV

CVE-2008-2696: Exiv2 0↗2008-06-13

▶

📋Vendor Advisories

Ubuntu

exiv2 vulnerabilities↗2008-10-15

▶

Debian

CVE-2008-2696: exiv2 - Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (d...↗2008

▶

Red Hat

exiv2: crash / divide by zero on crafted images↗

▶

💬Community

Bugzilla

CVE-2008-2696 exiv2: crash / divide by zero on crafted images↗2008-06-16

▶