Heap-Based Buffer Over-Read Vulnerability in Exiv2 Image Processing Software
CVE-2017-17723

8.1HIGH

Key Information:

Vendor: Exiv2
Status: Exiv2
Vendor: CVE Published:; 12 February 2018

What is CVE-2017-17723?

In Exiv2 version 0.26, a heap-based buffer over-read occurs in the Exiv2::Image::byteSwap4 function within image.cpp. This vulnerability can be exploited by remote attackers who craft malicious TIFF files, potentially allowing them to disclose sensitive memory data or initiate a denial of service. It highlights a significant vulnerability for users relying on image processing functionalities in Exiv2, underscoring the need for prompt attention to security updates.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1524104

x_refsource_MISC

https://security.gentoo.org/glsa/201811-14

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2018
Vulnerability Reserved
Dec 17, 2017