CVE-2017-9239 — Divide By Zero in Exiv2

CWE-369 — Divide By Zero9 documents7 sources

Severity

6.5MEDIUMNVD

OSV7.5

EPSS

0.2%

top 61.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2 Canonical Ubuntu Linux

Timeline

PublishedMay 26

Latest updateMay 13

Description

An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/exiv2< exiv2 0.25-3.1 (bookworm)

▶Debianexiv2/exiv2< 0.25-3.1+3

▶Ubuntuexiv2/exiv2< 0.23-1ubuntu2.2+2

▶NVDexiv2/exiv20.26

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

GHSA

GHSA-977x-9gqx-rv45: An issue was discovered in Exiv2 0↗2022-05-13

▶

OSV

exiv2 vulnerabilities↗2019-01-10

▶

OSV

CVE-2017-9239: An issue was discovered in Exiv2 0↗2017-05-26

▶

📋Vendor Advisories

Ubuntu

Exiv2 vulnerabilities↗2019-01-10

▶

Red Hat

exiv2: Segmentation fault in TiffImageEntry::doWriteImage function↗2017-05-25

▶

Debian

CVE-2017-9239: exiv2 - An issue was discovered in Exiv2 0.26. When the data structure of the structure ...↗2017

▶

💬Community

Bugzilla

CVE-2017-9239 exiv2: Segmentation fault in TiffImageEntry::doWriteImage function [fedora-all]↗2017-05-26

▶

Bugzilla

CVE-2017-9239 exiv2: Segmentation fault in TiffImageEntry::doWriteImage function↗2017-05-26

▶