CVE-2017-17723 (retired)

Priority
Description
In Exiv2 0.26, there is a heap-based buffer over-read in the
Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit
this vulnerability to disclose memory data or cause a denial of service via
a crafted TIFF file.
Notes
 mdeslaur> first commit same as CVE-2017-11591
 mdeslaur> can't reproduce with 0.25, and code isn't present.
Package
Source: exiv2 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (code not present)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (code not present)
Ubuntu 19.04 (Disco Dingo): not-affected (code not present)
Patches:
Upstream: https://github.com/Exiv2/exiv2/commit/7f5b0778fa301b68c1c88e3820ec3afbd09dd0a5 (0.26)
Upstream: https://github.com/Exiv2/exiv2/commit/1e07c98dfcbd8ac10ee02088f08235f5e1700148 (0.26)

Updated: 2019-03-26 12:25:23 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)