CVE-2017-9239

Publication date 26 May 2017

Last updated 25 August 2025

Ubuntu priority

Low

Why this priority?

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Description

An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.

Status

Package Ubuntu Release Status
exiv2 18.10 cosmic
Not affected
18.04 LTS bionic
Not affected
17.10 artful
Not affected
17.04 zesty Ignored end of life
16.10 yakkety Ignored end of life
16.04 LTS xenial
Fixed 0.25-2.1ubuntu16.04.3
14.04 LTS trusty
Fixed 0.23-1ubuntu2.2

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
exiv2

Severity score breakdown

CVSS version: CVSS v3.0

Base score 6.5 · Medium

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-3852-1
    • Exiv2 vulnerabilities
    • 10 January 2019

Other references

Access our resources on patching vulnerabilities