CVE-2017-14861 (NVD)

2017-09-29

There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.

Products Exiv2
Type Integer Overflow or Wraparound (CWE-190)
Uncontrolled Recursion (CWE-674)
First patch - None (likely due to unavailable code)
Links https://bugzilla.redhat.com/show_bug.cgi?id=1494787