Source: exiv2
Version: 0.24-1
Severity: normal
Tags: patch security upstream


The following vulnerability was published for exiv2.

| Exiv2 0.26 has a Null Pointer Dereference in the
| Exiv2::DataValue::toLong function in value.cpp, related to crafted
| metadata in a TIFF file.

The underlying issue according to [2] is that the code is trying to
print a value in the if statement:

if (Params::instance().printItems_ & Params::prValue)

when this might not be possible. Fix is done via [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed, and please
double-check that my assessment for it back to 0.24-1 is done right.
The PoC does not trigger; if I'm not completely wrong, the affected
code is there.

