CVE-2017-11337Use After Free in Exiv2

CWE-416Use After Free6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
1.4%
top 19.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Exiv2Debian Exiv2
Timeline
PublishedJul 17
Latest updateMay 17

Description

There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDexiv2/exiv20.26
debiandebian/exiv2

🔴Vulnerability Details

1
GHSA
GHSA-2g3c-rmmx-7hq8: There is an invalid free in the Action::TaskFactory::cleanup function of actions2022-05-17

📋Vendor Advisories

2
Red Hat
exiv2: Invalid free in the Action::TaskFactory::cleanup2017-07-13
Debian
CVE-2017-11337: exiv2 - There is an invalid free in the Action::TaskFactory::cleanup function of actions...2017

💬Community

2
Bugzilla
CVE-2017-11336 CVE-2017-11337 CVE-2017-11338 CVE-2017-11339 CVE-2017-11340 exiv2: various flaws [fedora-all]2017-07-24
Bugzilla
CVE-2017-11337 exiv2: Invalid free in the Action::TaskFactory::cleanup2017-07-24