Denial of Service Vulnerability in Exiv2 by Exiv2 Team
CVE-2017-11591

7.5HIGH

Key Information:

Vendor

Exiv2

Status
Exiv2
Vendor
CVE Published:
24 July 2017

What is CVE-2017-11591?

The Exiv2 library version 0.26 is susceptible to a denial of service vulnerability resulting from a floating point exception in the Exiv2::ValueType function. An attacker can exploit this flaw by supplying specially crafted input, which could lead to unexpected behavior or crashes, affecting the availability of the system using this library.

References

https://usn.ubuntu.com/3852-1/
vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1473888
https://lists.debian.org/debian-lts-announce/2023/01/msg0...
mailing-list

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.