Exiv2 - Corrupted EXIF Data Denial of Service Vulnerability

2006-01-26T00:00:00
ID EDB-ID:27140
Type exploitdb
Reporter Maciek Wierciski
Modified 2006-01-26T00:00:00

Description

Exiv2 Corrupted EXIF Data Denial Of Service Vulnerability. CVE-2005-4676. Dos exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/16400/info

Exiv2 is susceptible to a denial-of-service vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input data before attempting to read it, resulting in an out-of-bounds memory access crash.

This issue allows attackers to crash applications that use the affected library to process malicious image data. Depending on the nature of applications, this may be local or remote in nature.

This issue is present in Exiv2 versions prior to 0.9.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/27140.jpg