Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for exiv2

This update for exiv2 fixes the following issues:

Security issues fixed:

- CVE-2017-11591: There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. (boo#1050257)
- CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. (boo#1051188)
- CVE-2017-14865: There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. (boo#1061003)
- CVE-2017-14862: An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (boo#1060996)
- CVE-2017-14859: An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (boo#1061000)

Fixed bugs
bnc#1061003
VUL-0: CVE-2017-14865: exiv2: It is a heap-buffer-overflow in Exiv2::us2Data (types.cpp:346)
bnc#1051188
VUL-1: CVE-2017-11683: exiv2: DoS via triggered assertion in tiffvisitor.cpp
bnc#1060996
VUL-0: CVE-2017-14862: exiv2: Invalid memory address dereference in Exiv2::DataValue::read (value.cpp:193)
bnc#1061000
VUL-0: CVE-2017-14859: exiv2: Invalid memory address dereference in Exiv2::StringValueBase::read ( in value.cpp:302)
bnc#1050257
VUL-1: CVE-2017-11591: exiv2: Floating point exception in Exiv2::ValueType
CVE-2017-11683
CVE-2017-14862
CVE-2017-14859
CVE-2017-14865
CVE-2017-11591
Selected Binaries
openSUSE Build Service is sponsored by
Places