Steffen Joeris
2008-Jun-15 11:41 UTC
[Secure-testing-team] Bug#486328: CVE-2008-2696: DoS via metadata in images
Package: exiv2
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for exiv2.

CVE-2008-2696[0]:
Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function.

See upstream patch at:
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2696
    http://security-tracker.debian.net/tracker/CVE-2008-2696
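
The class of fix the CVE text calls for, as an added example that is not part of the original message and is not exiv2's code or the upstream patch: a pretty-printer that validates every denominator read from the file before dividing and falls back to the raw values otherwise. The names Rational, toLongChecked, rawLens and printLens are hypothetical, and the four-value lens layout is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for an Exif RATIONAL: numerator / denominator,
// both read from the image file and therefore untrusted.
using Rational = std::pair<int32_t, int32_t>;

// Integer conversion that refuses a zero denominator instead of dividing.
// Widening to 64 bits also avoids the INT32_MIN / -1 overflow.
bool toLongChecked(const Rational& r, long long& out) {
    if (r.second == 0) return false;
    out = static_cast<long long>(r.first) / r.second;
    return true;
}

// Raw "(n/d n/d ...)" rendering used when the values cannot be interpreted.
std::string rawLens(const std::vector<Rational>& v) {
    std::string out = "(";
    for (std::size_t i = 0; i < v.size(); ++i) {
        if (i) out += ' ';
        out += std::to_string(v[i].first) + "/" + std::to_string(v[i].second);
    }
    return out + ")";
}

// Pretty-printer for four lens rationals, assumed here to be: min focal,
// max focal, aperture at min focal, aperture at max focal.
std::string printLens(const std::vector<Rational>& v) {
    if (v.size() != 4) return rawLens(v);
    long long f1 = 0, f2 = 0;
    if (!toLongChecked(v[0], f1) || !toLongChecked(v[1], f2) ||
        v[2].second == 0 || v[3].second == 0)
        return rawLens(v);  // malformed metadata: show it, never divide
    char buf[64];
    std::snprintf(buf, sizeof buf, "%lld-%lldmm F%.1f-%.1f", f1, f2,
                  static_cast<double>(v[2].first) / v[2].second,
                  static_cast<double>(v[3].first) / v[3].second);
    return buf;
}
```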