Heap-based Buffer Over-read in Exiv2::IptcData::printStructure Function in iptc.cpp

Heap-based Buffer Over-read in Exiv2::IptcData::printStructure Function in iptc.cpp

CVE-2017-17724 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.

Learn more about our Web Application Penetration Testing UK.