CVE-2014-9449 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Exiv2

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120 — Classic Buffer Overflow8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

1.3%

top 20.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2 Fedoraproject Fedora

Timeline

PublishedJan 2

Latest updateMay 17

Description

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/exiv2< exiv2 0.24-4.1 (bookworm)

▶Debianexiv2/exiv2< 0.24-4.1+3

▶NVDexiv2/exiv20.24

Also affects: Fedora 21

🔴Vulnerability Details

GHSA

GHSA-cc42-3g88-r78c: Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo↗2022-05-17

▶

OSV

CVE-2014-9449: Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo↗2015-01-02

▶

📋Vendor Advisories

Ubuntu

Exiv2 vulnerability↗2015-01-07

▶

Red Hat

exiv2: buffer overflow in RiffVideo::infoTagsHandler↗2014-06-05

▶

Debian

CVE-2014-9449: exiv2 - Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in E...↗2014

▶

💬Community

Bugzilla

CVE-2014-9449 exiv2: buffer overflow in RiffVideo::infoTagsHandler [fedora-21]↗2015-01-05

▶

Bugzilla

CVE-2014-9449 exiv2: buffer overflow in RiffVideo::infoTagsHandler↗2015-01-05

▶