Published: 13/12/2017 Updated: 13/01/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

It exists that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2017-9239 only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11591, CVE-2017-11683, CVE-2017-14859, CVE-2017-14862, CVE-2017-14864, CVE-2017-17669, CVE-2017-9239, CVE-2018-16336, CVE-2018-1758)

Vulnerable Product	Search on Vulmon	Subscribe to Product
exiv2 exiv2 0.26
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
debian debian linux 10.0

Debian Bug report logs - #886006 exiv2: CVE-2017-17669: heap-buffer-overflow in Exiv2::Internal::PngChunk::keyTXTChunk Package: src:exiv2; Maintainer for src:exiv2 is Debian KDE Extras Team <pkg-kde-extras@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 1 Jan 2018 14:03:02 U ...

Several security issues were fixed in Exiv2 ...

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_intcpp in Exiv2 026 A crafted PNG file will lead to a remote denial of service attack ...

CWE-125 https://github.com/Exiv2/exiv2/issues/187 https://usn.ubuntu.com/3852-1/https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886006 https://usn.ubuntu.com/3852-1/https://nvd.nist.gov

CVE-2017-17669

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect