CVE-2017-11683

Priority
Description
There is a reachable assertion in the Internal::TiffReader::visitDirectory
function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial
of service attack via crafted input.
Notes
mdeslaurfirst commit skips the issue, third commit is actual fix.
Package
Source: exiv2 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [0.23-1ubuntu2.2])
Ubuntu 16.04 LTS (Xenial Xerus):released (0.25-2.1ubuntu16.04.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (0.25-3.1ubuntu0.18.04.2)
Patches:
Upstream:https://github.com/Exiv2/exiv2/commit/77616c3204bc65028129edbc3375c8671fe551cb (0.26)
Upstream:https://github.com/Exiv2/exiv2/commit/c90991cbdc9c170171965ea0e4bf697c22b3f1f0 (0.26)
Upstream:https://github.com/Exiv2/exiv2/commit/1f1715c086d8dcdf5165b19164af9aee7aa12e98 (0.26)
More Information

Updated: 2020-01-29 19:57:53 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)