ID CVE-2017-9953
Summary There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
References
Vulnerable Configurations
  • cpe:2.3:a:exiv2:exiv2:0.26:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.26:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-06-2017 - 16:11)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
misc https://bugzilla.redhat.com/show_bug.cgi?id=1465061
Last major update 30-06-2017 - 16:11
Published 26-06-2017 - 23:29
Last modified 30-06-2017 - 16:11
Back to Top