libexiv2.so is vulnerable to buffer overflow. The vulnerability exists in the QuickTimeVideo::userDataDecoder
function in quicktimevideo.cpp
where the resulting value will always be larger than the original value allowing an attacker to cause an application crash through an integer overflow by providing a malicious input.
CPE | Name | Operator | Version |
---|---|---|---|
libexiv2.so | le | 26.0.0 | |
libexiv2.so | le | 0.27.5 | |
exiv2:buster | eq | 0.25-4+deb10u1 | |
libexiv2.so | le | 26.0.0 | |
libexiv2.so | le | 0.27.5 | |
exiv2:buster | eq | 0.25-4+deb10u1 |