Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-14864

Published: 28 September 2017

An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Notes

AuthorNote
mdeslaur 
same commits as CVE-2017-14859

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
exiv2
Launchpad, Ubuntu, Debian 		artful Ignored
(reached end-of-life)
bionic
Released (0.25-3.1ubuntu0.18.04.2)
cosmic
Released (0.25-4ubuntu0.1)
precise Does not exist

trusty Does not exist
(trusty was released [0.23-1ubuntu2.2])
upstream Needs triage

xenial
Released (0.25-2.1ubuntu16.04.3)
zesty Ignored
(reached end-of-life)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading