Note:
This project will be discontinued after December 13, 2021. [more]
2018-01-18
In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.
| Products | Exiv2 |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://github.com/Exiv2/exiv2/issues/216
• http://www.securityfocus.com/bid/102789 • https://security.gentoo.org/glsa/201811-14 |