AVG-360 log
| Package | exiv2 |
| Status | Fixed |
| Severity | Medium |
| Type | denial of service |
| Affected | 0.26-2 |
| Fixed | 0.27.1-1 |
| Current | 0.28.2-3 [extra] |
| Ticket | None |
| Created | Mon Jul 24 16:00:17 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-11592 | Medium | Yes | Denial of service | There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of... |
| CVE-2017-11591 | Medium | No | Denial of service | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. |
| CVE-2017-11553 | Medium | Yes | Denial of service | There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. |
| References |
|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1473888 https://bugzilla.redhat.com/show_bug.cgi?id=1473889 https://bugzilla.redhat.com/show_bug.cgi?id=1471772 |
| Notes |
|---|
https://github.com/Exiv2/exiv2/pull/120 https://github.com/NixOS/nixpkgs/issues/39366 Should be checked against that, and AVG-614 |