Note:
This project will be discontinued after December 13, 2021. [more]
2017-07-23
There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.
| Products | Exiv2 |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Links | https://bugzilla.redhat.com/show_bug.cgi?id=1473889 |