Your submission was sent successfully! Close

CVE-2019-17402

Published: 09 October 2019

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
exiv2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (0.25-3.1ubuntu0.18.04.4)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.25-2.1ubuntu16.04.5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/Exiv2/exiv2/commit/b7890776c62398ca1005e8edc32786859d60fcf7
Upstream: https://github.com/phako/exiv2/commit/73b874fb14d02578f876aa7dd404cf7c07b6dc4e