Описание
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| exiv2 | fixed | 0.27.2-6 | package |
Примечания
http://dev.exiv2.org/issues/1307
https://github.com/Exiv2/exiv2/issues/57
https://bugzilla.redhat.com/show_bug.cgi?id=1475124
Problematic assert() exists in all versions in Debian.
Negligable security impact
Связанные уязвимости
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
Уязвимость функции Internal::TiffReader::visitDirectory в tiffvisitor.cpp библиотеки для управления метаданными медиафайлов Exiv2, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании