CVE-2017-14858 (NVD)

2017-09-28

There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.

Products Exiv2
Type Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
First patch - None (likely due to unavailable code)
Links https://bugzilla.redhat.com/show_bug.cgi?id=1494782