CVE-2017-14864 in Ubuntu

CVE-2017-14864

Priority

Description

An Invalid memory address dereference was discovered in Exiv2::getULong in
types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and
application crash, which leads to denial of service.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14864
https://ubuntu.com/security/notices/USN-3852-1

Bugs

https://github.com/Exiv2/exiv2/issues/73
https://bugzilla.redhat.com/show_bug.cgi?id=1494467

Notes

mdeslaur

same commits as CVE-2017-14859

Package

Source: exiv2 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (0.25-3.1ubuntu0.18.04.2)
Ubuntu 16.04 ESM:	released (0.25-2.1ubuntu16.04.3)
Ubuntu 14.04 ESM:	DNE (trusty was released [0.23-1ubuntu2.2])

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-13 12:55:55 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)