SIGABRT vulnerability in DataBuf constructor in Exiv2 0.26

SIGABRT vulnerability in DataBuf constructor in Exiv2 0.26

CVE-2018-9145 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file.

Learn more about our Web Application Penetration Testing UK.