Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| andreas_huggel | exiv2 | 0.8 |
| andreas_huggel | exiv2 | 0.6 |
| andreas_huggel | exiv2 | 0.6.1 |
| andreas_huggel | exiv2 | 0.4 |
| andreas_huggel | exiv2 | 0.3 |
| andreas_huggel | exiv2 | 0.6.2 |
| andreas_huggel | exiv2 | 0.5 |
| andreas_huggel | exiv2 | 0.7 |