CVE-2017-14862

Priority
Low
Description
An Invalid memory address dereference was discovered in
Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes
a segmentation fault and application crash, which leads to denial of
service.
References
Bugs
Package
Source: exiv2 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):needed
Patches:
Upstream:https://github.com/Exiv2/exiv2/pull/110
Upstream:https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
More Information

Updated: 2018-06-26 04:11:17 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)