Description
Andreas Huggel Exiv2 before 0.9 does not null-terminate strings before calling the sscanf function, which results in a buffer overflow that allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.
Affected products
- andreas_huggel / exiv2: 0.3 – 0.3
- andreas_huggel / exiv2: 0.4 – 0.4
- andreas_huggel / exiv2: 0.5 – 0.5
- andreas_huggel / exiv2: 0.6 – 0.6
- andreas_huggel / exiv2: 0.6.1 – 0.6.1
- andreas_huggel / exiv2: 0.6.2 – 0.6.2
- andreas_huggel / exiv2: 0.7 – 0.7
- andreas_huggel / exiv2: 0.8 – 0.8
References
- MISC: http://home.arcor.de/ahuggel/exiv2/changelog.html
- MISC: http://dev.robotbattle.com/mantis/bug_view_advanced_page.php?bug_id=447
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2006/0345
- VENDOR_ADVISORY: http://secunia.com/advisories/18619
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/24349
- MISC: http://www.securityfocus.com/bid/16400