Published: 19 September 2018
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
CVSS 3 base score: 6.5
Launchpad, Ubuntu, Debian
|Ubuntu 18.04 LTS (Bionic Beaver)||
|Ubuntu 16.04 LTS (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)||
Does not exist
(trusty was not-affected)
fixed by afb98cbc6e288dc8ea75f3394a347fb9b37abc55, which introduced CVE-2018-17282
code vulnerable was introduced later in version 0.27.