CVE-2017-18005 — NULL Pointer Dereference in Exiv2

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 41.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 31

Latest updateMay 14

Description

Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

▶debiandebian/exiv2< exiv2 0.27.2-6 (bookworm)

▶Debianexiv2/exiv2< 0.27.2-6+3

Also affects: Debian Linux 10.0

GHSA

GHSA-824g-h3q7-mx9v: Exiv2 0↗2022-05-14

▶

OSV

CVE-2017-18005: Exiv2 0↗2017-12-31

▶

Red Hat

exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp↗2017-11-18

▶

Debian

CVE-2017-18005: exiv2 - Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong functi...↗2017

▶

Bugzilla

CVE-2017-18005 exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp↗2018-01-04

▶