CVE-2018-17229Out-of-bounds Write in Exiv2

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 32.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Exiv2Debian Exiv2
Timeline
PublishedSep 19
Latest updateMay 13

Description

Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDexiv2/exiv20.26
debiandebian/exiv2

🔴Vulnerability Details

1
GHSA
GHSA-m3fr-3g6g-rc8x: Exiv2::d2Data in types2022-05-13

📋Vendor Advisories

2
Red Hat
exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp2018-09-17
Debian
CVE-2018-17229: exiv2 - Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a den...2018

💬Community

2
Bugzilla
CVE-2018-17229 exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp [fedora-all]2018-09-24
Bugzilla
CVE-2018-17229 exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp2018-09-24