CVE-2017-17725 — Integer Overflow or Wraparound in Exiv2

CWE-190 — Integer Overflow or Wraparound CWE-125 — Out-of-bounds Read6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 31.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2

Timeline

PublishedFeb 12

Latest updateMay 14

Description

In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from CVE-2017-14864, which is an invalid memory address dereference.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDexiv2/exiv20.26

▶debiandebian/exiv2

🔴Vulnerability Details

GHSA

GHSA-qxcp-2wh8-fqw4: In Exiv2 0↗2022-05-14

▶

📋Vendor Advisories

Red Hat

exiv2: heap-based buffer over-read in Exiv2::getULong function in types.cpp↗2017-12-12

▶

Debian

CVE-2017-17725: exiv2 - In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-...↗2017

▶

💬Community

Bugzilla

CVE-2017-17725 exiv2: heap-based buffer over-read in Exiv2::getULong function in types.cpp↗2018-02-14

▶

Bugzilla

CVE-2017-17725 exiv2: heap-based buffer over-read in Exiv2::getULong function in types.cpp [fedora-all]↗2018-02-14

▶