CVE-2017-1000128

Priority
Description
Exiv2 0.26 contains a stack out-of-bounds read in the JPEG2000 parser.
Notes
ratliff: no crashes on trusty, xenial
mdeslaur: doesn't crash on bionic either
based on the fixes below, it looks like this issue was
introduced by the following commit:
https://github.com/Exiv2/exiv2/commit/699e1c744e50782e3ed7411cc6ac28260aa169c0
which was added to 0.26
Package
Source: exiv2 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (code not present)
Patches:
Upstream: https://github.com/Exiv2/exiv2/commit/d09c4bb7cdc670ec7f1ffe2da4e378dfbbe45432
Upstream: https://github.com/Exiv2/exiv2/commit/14ff034fb4efc557476f498af3874dc22e3801e8
Upstream: https://github.com/Exiv2/exiv2/commit/22527f0927b687804f83f1cc1ec36e2f042c9f83
Upstream: https://github.com/Exiv2/exiv2/commit/00f32316b2aa9664194fbc4fae11ee54808ebcf6

Updated: 2020-09-10 05:35:00 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)