CVE-2017-14859: Buffer Overflow

First published: Thu Sep 28 2017(Updated: )

An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Exiv2 Exiv2	=0.26
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=18.10
Debian Debian Linux	=10.0
ubuntu/exiv2	<0.25-3.1ubuntu0.18.04.2	0.25-3.1ubuntu0.18.04.2
ubuntu/exiv2	<0.25-4ubuntu0.1	0.25-4ubuntu0.1
ubuntu/exiv2	<0.23-1ubuntu2.2	0.23-1ubuntu2.2
ubuntu/exiv2	<0.25-2.1ubuntu16.04.3	0.25-2.1ubuntu16.04.3
debian/exiv2		0.27.3-3+deb11u2 0.27.3-3+deb11u1 0.27.6-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-3852-1

collector/nvd-index
agent/author
agent/references
agent/type
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
agent/event
agent/severity
agent/weakness
agent/tags
agent/description
collector/usn-cve
source/Ubuntu
vendor/exiv2
canonical/exiv2 exiv2
version/exiv2 exiv2/0.26
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/18.10
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
package-manager/debian
package-manager/ubuntu

CVE-2017-14859: Buffer Overflow

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact