CVE-2017-18005

CVE	CVE-2017-18005
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-12-31 19:29:00 UTC
Updated	2025-04-20 01:37:25 UTC
Description	Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Problem Types: CWE-476 | n/a

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Primary	5.5	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H`
2.0	[email protected]	Primary	4.3		`AV:N/AC:M/Au:N/C:N/I:N/A:P`

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Application	Exiv2	Exiv2	0.26	All	All	All

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

Reference	Source	Link	Tags
[SECURITY] [DLA 3265-1] exiv2 security update	af854a3a-2127-422b-91ae-364da2661108	lists.debian.org	Mailing List, Third Party Advisory
CVE-2017-18005: NULL Pointer Dereference while extracting metadata of a malformed tiff · Issue #168 · Exiv2/exiv2 · GitHub	af854a3a-2127-422b-91ae-364da2661108	github.com	Exploit, Issue Tracking, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.