Lucene search
Veracode Vulnerability DatabaseVERACODE:6458HistoryJun 01, 2018 - 4:57 a.m.
Invalid Memory Dereference
2018-06-0104:57:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.001 Low
EPSS
Percentile
39.7%
libexiv2.so is vulnerable to invalid memory dereference attacks. The vulnerability exists in Exiv2::getULong in types.cpp where parsing an image with invalid exif values would cause a denial of service (DoS).
| CPE | Name | Operator | Version |
|---|---|---|---|
| libexiv2.so | le | 12.0.0 | |
| libexiv2.so | le | 12.0.0 | |
| exiv2:buster | eq | 0.25-4+deb10u1 |
References
Related
debiancve
debiancve
CVE-2017-14864
2017-09-29 01:34:49
CVE-2017-17725
2018-02-12 22:29:00
prion
prion
Security feature bypass
2017-09-29 01:34:00
Integer overflow
2018-02-12 22:29:00
redhatcve
redhatcve
CVE-2017-14864
2017-10-10 11:50:22
cvelist
cvelist
CVE-2017-14864
2017-09-28 00:00:00
CVE-2017-17725
2018-02-12 22:00:00
osv
osv
CVE-2017-14864
2017-09-29 01:34:49
CVE-2017-17725
2018-02-12 22:29:00
exiv2 - security update
2017-10-26 00:00:00
nvd
nvd
CVE-2017-14864
2017-09-29 01:34:49
CVE-2017-17725
2018-02-12 22:29:00
cve
cve
CVE-2017-14864
2017-09-29 01:34:49
CVE-2017-17725
2018-02-12 22:29:00
ubuntucve
ubuntucve
CVE-2017-14864
2017-09-28 00:00:00
CVE-2017-17725
2018-02-12 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1147-1)
2018-02-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3882-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3882-2)
2021-04-19 00:00:00
nessus
nessus
Debian DLA-1147-1 : exiv2 security update
2017-10-27 00:00:00
SUSE SLED12 / SLES12 Security Update : exiv2 (SUSE-SU-2018:3882-2)
2018-12-13 00:00:00
SUSE SLED12 / SLES12 Security Update : exiv2 (SUSE-SU-2018:3882-1)
2018-11-26 00:00:00
debian
debian
[SECURITY] [DLA 1147-1] exiv2 security update
2017-10-26 17:13:39
[SECURITY] [DLA 3265-1] exiv2 security update
2023-01-10 17:02:40
ubuntu
ubuntu
Exiv2 vulnerabilities
2019-01-10 00:00:00
suse
suse
Security update for exiv2 (moderate)
2018-07-14 03:09:16
mageia
mageia
Updated exiv2 packages fix security vulnerabilities & bugs
2017-10-30 22:23:17