Lucene search

K
osvGoogleOSV:PYSEC-2017-112
HistoryMay 26, 2017 - 10:29 a.m.

PYSEC-2017-112

2017-05-2610:29:00
Google
osv.dev
14
exiv2
0.26
ifd
data structure
segmentation fault
tiff file
vulnerability

EPSS

0.004

Percentile

73.0%

An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.