Vulnerability Name:

CVE-2014-9449 (CCN-99691)

Assigned:2014-12-05
Published:2014-12-05
Updated:2017-11-10
Summary:Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2014-9449

Source: CCN
Type: Exiv2 Web site
Problem With Exiv2

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
http://dev.exiv2.org/issues/960

Source: CONFIRM
Type: Issue Tracking
http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263

Source: FEDORA
Type: Third Party Advisory
FEDORA-2015-0301

Source: SECUNIA
Type: Permissions Required, Third Party Advisory
61801

Source: BID
Type: UNKNOWN
71912

Source: CCN
Type: BID-71912
Exiv2 'riffvideo.cpp' Remote Buffer Overflow Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-2454-1

Source: XF
Type: UNKNOWN
exiv2-cve20149449-bo(99691)

Source: GENTOO
Type: UNKNOWN
GLSA-201507-03

Vulnerable Configuration:Configuration 1:
  • cpe:/a:exiv2:exiv2:0.24:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:fedoraproject:fedora:21:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:exiv2:exiv2:0.24:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20149449
    V
    CVE-2014-9449
    2023-06-22
    oval:org.opensuse.security:def:7930
    P
    libexiv2-27-0.27.5-150400.15.4.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:770
    P
    Security update for go1.18 (Important)
    2022-09-21
    oval:org.opensuse.security:def:658
    P
    Security update for mokutil (Moderate)
    2022-08-03
    oval:org.opensuse.security:def:94050
    P
    (Important)
    2022-07-14
    oval:org.opensuse.security:def:3310
    P
    openssh-7.2p2-74.45.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94940
    P
    libexiv2-26-0.26-6.8.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:1350
    P
    Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:100763
    P
    (Important)
    2022-03-08
    oval:org.opensuse.security:def:994
    P
    Security update for conmon, libcontainers-common, libseccomp, podman (Moderate)
    2022-02-25
    oval:org.opensuse.security:def:1695
    P
    Security update for apache2 (Important)
    2022-01-17
    oval:org.opensuse.security:def:112208
    P
    exiv2-0.25-3.4 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:1579
    P
    Security update for python-pip (Moderate)
    2021-12-13
    oval:org.opensuse.security:def:67804
    P
    Security update for the Linux Kernel (Live Patch 24 for SLE 15) (Important)
    2021-11-17
    oval:org.opensuse.security:def:1223
    P
    Security update for the Linux Kernel (Important)
    2021-11-16
    oval:org.opensuse.security:def:105739
    P
    exiv2-0.25-3.4 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:71144
    P
    autofs-5.1.3-7.3.1 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:71257
    P
    libgd3-2.2.5-4.6.1 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:64557
    P
    Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:48094
    P
    libarchive13-3.1.2-26.3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47620
    P
    git-core-2.12.3-27.14.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47180
    P
    xdg-utils-20140630-5.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48240
    P
    memcached-1.4.39-4.6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47844
    P
    pam_yubico-2.26-1.25 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47315
    P
    libXfont1-1.5.1-10.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48336
    P
    vsftpd-3.0.2-40.11.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48206
    P
    libthai-data-0.1.25-4.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47640
    P
    gvim-7.4.326-16.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47292
    P
    jakarta-commons-fileupload-1.1.1-120.113 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48352
    P
    yast2-3.2.50-4.7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47880
    P
    rsyslog-8.24.0-3.16.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47427
    P
    libvirt-3.3.0-4.28 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47179
    P
    xalan-j2-2.7.0-264.133 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48178
    P
    libproxy1-0.4.13-16.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47752
    P
    libopenjp2-7-2.1.0-4.9.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47194
    P
    DirectFB-1.7.1-6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48305
    P
    shadow-4.2.1-34.20 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47992
    P
    dnsmasq-2.78-18.9.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47508
    P
    supportutils-3.0-94.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47291
    P
    iputils-s20121221-2.17 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48290
    P
    python3-3.4.6-25.29.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47732
    P
    libksba8-1.3.0-23.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47306
    P
    libIlmImf-Imf_2_1-21-2.1.0-4.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:1106
    P
    libpcre1-32bit-8.41-4.20 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72503
    P
    libexiv2-26-0.26-6.8.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62784
    P
    libexiv2-26-0.26-6.8.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101190
    P
    libexiv2-26-0.26-6.8.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:48519
    P
    liblua5_2-5.2.2-4.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48448
    P
    jakarta-commons-fileupload-1.1.1-120.113 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48407
    P
    dstat-0.7.2-1.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48417
    P
    fontconfig-2.11.1-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:1462
    P
    Security update for java-11-openjdk (Important)
    2021-05-11
    oval:org.opensuse.security:def:66730
    P
    Security update for zstd (Moderate)
    2021-04-08
    oval:org.opensuse.security:def:69981
    P
    Security update for screen (Important)
    2021-02-17
    oval:org.opensuse.security:def:64470
    P
    Security update for the Linux Kernel (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:72387
    P
    libexiv2-26-0.26-6.8.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:107429
    P
    libexiv2-26-0.26-6.8.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62668
    P
    libexiv2-26-0.26-6.8.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:116987
    P
    libexiv2-26-0.26-6.8.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72158
    P
    libexiv2-26-0.26-4.31 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62439
    P
    libexiv2-26-0.26-4.31 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:89901
    P
    libexiv2-26-0.26-6.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72270
    P
    libexiv2-26-0.26-6.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:103556
    P
    libexiv2-26-0.26-6.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62551
    P
    libexiv2-26-0.26-6.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:70086
    P
    libexiv2-26 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73421
    P
    libexiv2-26 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49493
    P
    vorbis-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49435
    P
    libexiv2-26 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49610
    P
    PackageKit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49547
    P
    libexiv2-26 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73303
    P
    python3-requests on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:67904
    P
    libexiv2-26 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49381
    P
    docker-libnetwork on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49664
    P
    libexiv2-26 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:66638
    P
    tboot on GA media (Moderate)
    2020-12-01
    oval:com.ubuntu.precise:def:20149449000
    V
    CVE-2014-9449 on Ubuntu 12.04 LTS (precise) - medium.
    2015-01-02
    oval:com.ubuntu.trusty:def:20149449000
    V
    CVE-2014-9449 on Ubuntu 14.04 LTS (trusty) - medium.
    2015-01-02
    BACK
    exiv2 exiv2 0.24
    fedoraproject fedora 21
    exiv2 exiv2 0.24