CVE-2017-12955

Published: 18/08/2017 Updated: 22/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.

Vulnerable Product

exiv2 exiv2 0.26

Vendor Advisories

Debian Bug report logs - #888873 exiv2: CVE-2017-12955 Package: src:exiv2; Maintainer for src:exiv2 is Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 30 Jan 2018 19:42:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Fo ...
There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact ...