Lucene search
Gentoo FoundationGLSA-201507-03HistoryJul 07, 2015 - 12:00 a.m.
Exiv2: Denial of service
2015-07-0700:00:00
Gentoo Foundation
security.gentoo.org
9
0.032 Low
EPSS
Percentile
91.2%
Background
Exiv2 is a C++ library and a command line utility to manage image metadata.
Description
Exiv2 has a buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp.
Impact
A remote attacker could possibly cause a Denial of Service condition via a specially crafted AVI file with IKEY INFO tag.
Workaround
There is no known workaround at this time.
Resolution
All Exiv2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.24-r1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | media-gfx/exiv2 | < 0.24-r1 | UNKNOWN |
Related
nessus
nessus
Ubuntu 14.10 : exiv2 vulnerability (USN-2454-1)
2015-01-08 00:00:00
Fedora 21 : exiv2-0.24-4.fc21 (2015-0301)
2015-01-22 00:00:00
GLSA-201507-03 : Exiv2: Denial of Service
2015-07-08 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2454-1)
2015-01-23 00:00:00
Gentoo Security Advisory GLSA 201507-03
2015-09-29 00:00:00
Fedora Update for exiv2 FEDORA-2015-0301
2015-01-22 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: exiv2-0.24-4.fc21
2015-01-21 22:59:29
prion
prion
Buffer overflow
2015-01-02 20:59:00
securityvulns
securityvulns
[USN-2454-1] Exiv2 vulnerability
2015-01-13 00:00:00
exivw library DoS
2015-01-13 00:00:00
ubuntucve
ubuntucve
CVE-2014-9449
2015-01-02 00:00:00
ubuntu
ubuntu
Exiv2 vulnerability
2015-01-07 00:00:00
cve
cve
CVE-2014-9449
2015-01-02 20:59:00
debiancve
debiancve
CVE-2014-9449
2015-01-02 20:59:00
cvelist
cvelist
CVE-2014-9449
2015-01-02 20:00:00