Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-9449

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.

Related bugs and status

CVE-2014-9449 (Candidate) is related to these bugs:

Bug #1433806: Sync exiv2 0.24-4.1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	1433806	Sync exiv2 0.24-4.1 (main) from Debian unstable (main)		exiv2 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://dev.exiv2.org/i...
SECUNIA: 61801
FEDORA: FEDORA-2015-0301
BID: 71912
GENTOO: GLSA-201507-03
CONFIRM: http://dev.exiv2.org/p...
UBUNTU: USN-2454-1