First published: Mon Feb 12 2018
A flaw was found in Exiv2 0.26. There is an integer underflow, leading to a heap-based buffer over-read, in the Exiv2::IptcData::printStructure function in iptc.cpp. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file or, possibly, disclose memory data. References: https://bugzilla.redhat.com/show_bug.cgi?id=1524107 https://github.com/Exiv2/exiv2/issues/210
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Exiv2 Exiv2 | =0.26 | |
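
The bug class named in the description (an unsigned underflow in a length bound that turns into an over-read) is illustrated below with a bounds-checked walker for IPTC IIM datasets. This is an added example, not Exiv2's code; the function names, the `size - 3` bound and the sample bytes are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Underflow-prone bound (assumed pattern): size_t arithmetic wraps, so for
   size < 3 the result is huge and "i < size - 3" no longer limits a loop. */
static size_t unsafe_limit(size_t size) { return size - 3; }

/* Safe bound: count of offsets where a whole 5-byte dataset header
   (0x1C marker, record, dataset, 2-byte big-endian length) still fits. */
static size_t safe_limit(size_t size) { return size >= 5 ? size - 4 : 0; }

/* Walk IPTC IIM datasets in buf[0..size). Returns how many well-formed
   datasets were found, or -1 if a dataset declares more data than remains
   or uses the extended-length form (not handled in this example). */
static int count_datasets(const uint8_t *buf, size_t size)
{
    size_t i = 0, limit = safe_limit(size);
    int n = 0;

    while (i < limit && buf[i] != 0x1C)      /* bound first, then read */
        i++;
    while (i < limit && buf[i] == 0x1C) {
        size_t len = ((size_t)buf[i + 3] << 8) | buf[i + 4];
        if (len & 0x8000)                    /* extended length: rejected */
            return -1;
        if (len > size - i - 5)              /* i <= size - 5, so no wrap */
            return -1;
        n++;
        i += 5 + len;                        /* lands at most on size */
    }
    return n;
}

int main(void)
{
    /* Constructed sample: two datasets, then a 2-byte truncated input. */
    const uint8_t ok[] = {0x1C, 2, 5, 0, 3, 'a', 'b', 'c', 0x1C, 2, 25, 0, 1, 'x'};
    const uint8_t tiny[] = {0x1C, 2};

    printf("unsafe limit for 2 bytes: %zu\n", unsafe_limit(sizeof tiny));
    printf("safe limit for 2 bytes:   %zu\n", safe_limit(sizeof tiny));
    printf("datasets in ok:   %d\n", count_datasets(ok, sizeof ok));
    printf("datasets in tiny: %d\n", count_datasets(tiny, sizeof tiny));
    return 0;
}
```

Building a parser like this with AddressSanitizer (`-fsanitize=address`) and fuzzing it with truncated inputs is a practical way to catch a missing bound of this kind before release.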