AVG-360

Package exiv2
Status Vulnerable
Severity Medium
Type denial of service
Affected 0.26-2
Fixed Unknown
Current 0.26-2 [extra]
Created Mon Jul 24 16:00:17 2017
Issue | Severity | Remote | Type | Description
CVE-2017-11592 | Medium | Yes | Denial of service | There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of...
CVE-2017-11591 | Medium | No | Denial of service | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
CVE-2017-11553 | Medium | Yes | Denial of service | There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1473888
https://bugzilla.redhat.com/show_bug.cgi?id=1473889
https://bugzilla.redhat.com/show_bug.cgi?id=1471772
Notes
https://github.com/Exiv2/exiv2/pull/120
https://github.com/NixOS/nixpkgs/issues/39366

Should be checked against that, and AVG-614