CVE-2008-2696

Published: 13/06/2008 Updated: 08/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Exiv2 0.16 allows user-assisted remote malicious users to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function.

Vulnerable Product

exiv2 exiv2 0.16

Vendor Advisories

Debian Bug report logs - #486328: CVE-2008-2696: DoS via metadata in images. Package: exiv2; Maintainer for exiv2 is Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>; Source for exiv2 is src:exiv2 (PTS, buildd, popcon). Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>. Date: Sun, 15 Jun 2008 11:4 ...

Meder Kydyraliev discovered that exiv2 did not correctly handle certain EXIF headers. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service, or possibly executing arbitrary code with user privileges (CVE-20 ...