Bug 451613 (CVE-2008-2696)
| Summary: | CVE-2008-2696 exiv2: crash / divide by zero on crafted images | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | rdieter |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2696 | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2010-03-29 08:15:40 UTC | Type: | --- |
Description
Tomas Hoger
2008-06-16 06:53:47 UTC
I'm not quite convinced this should be called a security vulnerability rather than a regular bug. I only see various "client" applications in Fedora using exiv2, and their crash is rather an annoyance than a DoS. But maybe there are other usages of exiv2 where a crash would matter.

Patch in the upstream SVN: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2?view=rev&revision=1399

All current Fedora / EPEL versions use exiv2 version 0.17.1 or newer.