Published: 02/01/2015 Updated: 10/11/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote malicious users to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
exiv2 exiv2 0.24
fedoraproject fedora 21

Debian Bug report logs - #773846 exiv2: CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler Package: exiv2; Maintainer for exiv2 is Debian KDE Extras Team <pkg-kde-extras@listsaliothdebianorg>; Source for exiv2 is src:exiv2 (PTS, buildd, popcon) Affects: geeqie, digikam Reported by: Klaus Ethgen <Klaus@Ethgend ...

Exiv2 could be made to crash if it opened a specially crafted file ...

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideocpp in Exiv2 024 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file ...

CWE-119 http://dev.exiv2.org/issues/960 http://secunia.com/advisories/61801 http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148382.html http://www.securityfocus.com/bid/71912 https://security.gentoo.org/glsa/201507-03 http://www.ubuntu.com/usn/USN-2454-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773846 https://usn.ubuntu.com/2454-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-9449

CVE-2014-9449

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect