CVE-2017-12955Improper Restriction of Operations within the Bounds of a Memory Buffer in Exiv2

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow6 documents5 sources
Severity
8.8HIGHNVD
EPSS
1.1%
top 21.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Exiv2Debian Exiv2
Timeline
PublishedAug 18
Latest updateMay 17

Description

There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDexiv2/exiv20.26
debiandebian/exiv2

🔴Vulnerability Details

1
GHSA
GHSA-2fr9-r8v5-x2h3: There is a heap-based buffer overflow in basicio2022-05-17

📋Vendor Advisories

2
Red Hat
exiv2: Heap-based buffer overflow in basicio.cpp2017-08-17
Debian
CVE-2017-12955: exiv2 - There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerab...2017

💬Community

2
Bugzilla
CVE-2017-12955 exiv2: Heap-based buffer overflow in basicio.cpp2017-08-31
Bugzilla
CVE-2017-1000126 CVE-2017-1000127 CVE-2017-1000128 CVE-2017-11553 CVE-2017-11591 CVE-2017-11592 CVE-2017-11683 CVE-2017-12955 CVE-2017-12956 CVE-2017-12957 CVE-2017-14857 CVE-2017-14858 CVE-2017-148592017-07-26