CVE-2017-17725 log
Source |
|
Severity | Low |
Remote | No |
Type | Denial of service |
Description | In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from CVE-2017-14864, which is an invalid memory address dereference. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-614 | exiv2 | 0.26-2 | 0.27.1-1 | Medium | Fixed |
References |
---|
https://github.com/Exiv2/exiv2/issues/188 https://bugzilla.redhat.com/show_bug.cgi?id=1525055 |