CVE-2017-14862Improper Restriction of Operations within the Bounds of a Memory Buffer in Exiv2

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.5
EPSS
0.1%
top 69.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Exiv2Debian Exiv2Canonical Ubuntu Linux+1 more
Timeline
PublishedSep 29
Latest updateMay 14

Description

An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/exiv2< exiv2 0.27.2-6 (bookworm)
Debianexiv2/exiv2< 0.27.2-6+3
Ubuntuexiv2/exiv2< 0.23-1ubuntu2.2+2
NVDexiv2/exiv20.26

Also affects: Debian Linux 10.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

3
GHSA
GHSA-h9fc-xh5j-xxw8: An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value2022-05-14
OSV
exiv2 vulnerabilities2019-01-10
OSV
CVE-2017-14862: An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value2017-09-29

📋Vendor Advisories

3
Ubuntu
Exiv2 vulnerabilities2019-01-10
Red Hat
exiv2: Invalid memory address dereference in the Exiv2::DataValue::read2017-09-23
Debian
CVE-2017-14862: exiv2 - An Invalid memory address dereference was discovered in Exiv2::DataValue::read i...2017

💬Community

3
Bugzilla
CVE-2017-14862 exiv2: Invalid memory address dereference in the Exiv2::DataValue::read2017-10-10
Bugzilla
Invalid memory address dereference in Exiv2::DataValue::read (value.cpp:193)2017-09-23
Bugzilla
CVE-2017-1000126 CVE-2017-1000127 CVE-2017-1000128 CVE-2017-11553 CVE-2017-11591 CVE-2017-11592 CVE-2017-11683 CVE-2017-12955 CVE-2017-12956 CVE-2017-12957 CVE-2017-14857 CVE-2017-14858 CVE-2017-148592017-07-26