An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | exiv2 | < 0.27.2-6 | exiv2_0.27.2-6_all.deb |
Debian | 11 | all | exiv2 | < 0.27.2-6 | exiv2_0.27.2-6_all.deb |
Debian | 10 | all | exiv2 | < 0.25-4+deb10u4 | exiv2_0.25-4+deb10u4_all.deb |
Debian | 999 | all | exiv2 | < 0.27.2-6 | exiv2_0.27.2-6_all.deb |
Debian | 13 | all | exiv2 | < 0.27.2-6 | exiv2_0.27.2-6_all.deb |