Published: 24/07/2017 Updated: 13/01/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

It exists that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2017-9239 only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11591, CVE-2017-11683, CVE-2017-14859, CVE-2017-14862, CVE-2017-14864, CVE-2017-17669, CVE-2017-9239, CVE-2018-16336, CVE-2018-1758)

Vulnerable Product	Search on Vulmon	Subscribe to Product
exiv2 exiv2 0.26
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
debian debian linux 10.0

Debian Bug report logs - #876893 exiv2: CVE-2017-11591 Package: src:exiv2; Maintainer for src:exiv2 is Debian KDE Extras Team <pkg-kde-extras@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 26 Sep 2017 18:33:01 UTC Severity: normal Tags: fixed-upstream, security, upstream F ...

Several security issues were fixed in Exiv2 ...

There is a Floating point exception in the Exiv2::ValueType function in Exiv2 026 that will lead to a remote denial of service attack via crafted input ...

NVD-CWE-noinfo https://bugzilla.redhat.com/show_bug.cgi?id=1473888 https://usn.ubuntu.com/3852-1/https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876893 https://usn.ubuntu.com/3852-1/https://nvd.nist.gov

CVE-2017-11591

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect