CVE-2014-9449

Published: 2 January 2015

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.

Priority

Status

Package	Release	Status
exiv2 Launchpad, Ubuntu, Debian	lucid	Not vulnerable (code not present)
	precise	Not vulnerable (code not present)
	trusty	Does not exist (trusty was not-affected [code not present])
	upstream	Needs triage
	utopic	Released (0.24-2ubuntu1.1)
	Patches: upstream: http://dev.exiv2.org/projects/exiv2/repository/revisions/3264

References

http://secunia.com/advisories/61801
https://ubuntu.com/security/notices/USN-2454-1
https://www.cve.org/CVERecord?id=CVE-2014-9449
NVD
Launchpad
Debian

Bugs

http://dev.exiv2.org/issues/960

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›