Red Hat Bugzilla – Bug 451613
CVE-2008-2696 exiv2: crash / divide by zero on crafted images
Last modified: 2010-03-29 04:15:40 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2696 to the following vulnerability:
Exiv2 0.16 allows user-assisted remote attackers to cause a denial of
service (divide-by-zero and application crash) via a zero value in
Nikon lens information in the metadata of an image, related to "pretty
printing" and the RationalValue::toLong function.
Fixed upstream in: 0.17
I'm not quite convinced this should be called security vulnerability rather than
a regular bug. I only see various "client" applications in Fedora using exiv2,
and their crash is rather annoyance than DoS. But maybe there are other usages
of exiv2 where crash would matter.
Patch in the upstream SVN:
All current Fedora / EPEL versions use exiv2 version 0.17.1 or newer.