CVE-2017-18005
exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.
Exiv2 0.26 tiene una desreferencia de puntero NULL en la función Exiv2::DataValue::toLong en value.cpp. Esto está relacionado con metadatos manipulados en un archivo TIFF.
The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. Issues addressed include buffer overflow, denial of service, integer overflow, null pointer, and out of bounds read vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-12-31 CVE Reserved
- 2017-12-31 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
- CWE-617: Reachable Assertion
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/Exiv2/exiv2/issues/168 | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2017-18005 | 2020-04-28 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1531171 | 2020-04-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Exiv2 Search vendor "Exiv2" | Exiv2 Search vendor "Exiv2" for product "Exiv2" | 0.26 Search vendor "Exiv2" for product "Exiv2" and version "0.26" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||