Vulnerabilities > CVE-2008-2696 - Numeric Errors vulnerability in Exiv2 0.16

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
exiv2
CWE-189
nessus
NVD
Published: 2008-06-13
Updated: 2024-11-21

Summary

Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function.

Vulnerable Configurations

Part Description Count
Application
Exiv2
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_EXIV2-081022.NASL
    descriptionThis update of exiv2 solves a denial of service bug that can be triggered by using crafted metadata. (CVE-2008-2696)
    last seen2020-06-01
    modified2020-06-02
    plugin id39958
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39958
    titleopenSUSE Security Update : exiv2 (exiv2-267)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-655-1.NASL
    descriptionMeder Kydyraliev discovered that exiv2 did not correctly handle certain EXIF headers. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service, or possibly executing arbitrary code with user privileges. (CVE-2007-6353) Joakim Bildrulle discovered that exiv2 did not correctly handle Nikon lens EXIF information. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service. (CVE-2008-2696). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37662
    published2009-04-23
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37662
    titleUbuntu 7.04 / 7.10 / 8.04 LTS : exiv2 vulnerabilities (USN-655-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBEXIV2-5707.NASL
    descriptionThis update of libexiv2 solves a denial of service bug that can be triggered by using crafted metadata. (CVE-2008-2696)
    last seen2020-06-01
    modified2020-06-02
    plugin id34509
    published2008-10-29
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34509
    titleopenSUSE 10 Security Update : libexiv2 (libexiv2-5707)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-119.NASL
    descriptionA flaw was found in exiv2 that would cause exiv2, or applications linked to libexiv2, to crash on image files with certain metadata in the image (CVE-2008-2696). The updated packages have been patched to prevent this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id36938
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36938
    titleMandriva Linux Security Advisory : exiv2 (MDVSA-2008:119)

References