1. CVE-Search
  2. CVE-2017-18005
ID CVE-2017-18005
Summary Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.
References
Vulnerable Configurations
  • cpe:2.3:a:exiv2:exiv2:0.26:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.26:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 13-01-2023 - 16:44)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • exiv2-0:0.27.2-5.el8
  • exiv2-debuginfo-0:0.27.2-5.el8
  • exiv2-debugsource-0:0.27.2-5.el8
  • exiv2-devel-0:0.27.2-5.el8
  • exiv2-doc-0:0.27.2-5.el8
  • exiv2-libs-0:0.27.2-5.el8
  • exiv2-libs-debuginfo-0:0.27.2-5.el8
  • gegl-0:0.2.0-39.el8
  • gegl-debuginfo-0:0.2.0-39.el8
  • gegl-debugsource-0:0.2.0-39.el8
  • gnome-color-manager-0:3.28.0-3.el8
  • gnome-color-manager-debuginfo-0:3.28.0-3.el8
  • gnome-color-manager-debugsource-0:3.28.0-3.el8
  • libgexiv2-0:0.10.8-4.el8
  • libgexiv2-debuginfo-0:0.10.8-4.el8
  • libgexiv2-debugsource-0:0.10.8-4.el8
  • libgexiv2-devel-0:0.10.8-4.el8
refmap via4
confirm https://github.com/Exiv2/exiv2/issues/168
Last major update 13-01-2023 - 16:44
Published 31-12-2017 - 19:29
Last modified 13-01-2023 - 16:44
Back to Top