CVE-2008-2696 - Vulnerability Details - OpenCVE

Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Exiv2	Exiv2

Configuration 1 [-]

cpe:2.3:a:exiv2:exiv2:0.16:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugzilla.gnome.org/show_bug.cgi?id=524715
http://dev.robotbattle.com/bugs/view.php?id=0000546
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html
http://secunia.com/advisories/30519
http://secunia.com/advisories/32273
http://www.exiv2.org/changelog.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:119
http://www.securityfocus.com/bid/29586
http://www.ubuntu.com/usn/usn-655-1
http://www.vupen.com/english/advisories/2008/1766/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42885

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-06-13T19:19:00

Updated: 2024-08-07T09:14:14.025Z

Reserved: 2008-06-13T00:00:00

Link: CVE-2008-2696

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-06-13T19:41:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-2696

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to \"pretty printing\" and the RationalValue::toLong function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.exiv2.org/changelog.html"}, {"name": "MDVSA-2008:119", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:119"}, {"name": "USN-655-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-655-1"}, {"name": "29586", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29586"}, {"name": "exiv2-printing-dos(42885)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42885"}, {"name": "SUSE-SR:2008:023", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"}, {"tags": ["x_refsource_MISC"], "url": "http://dev.robotbattle.com/bugs/view.php?id=0000546"}, {"tags": ["x_refsource_MISC"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=524715"}, {"name": "30519", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30519"}, {"name": "ADV-2008-1766", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1766/references"}, {"name": "32273", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32273"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2696", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to \"pretty printing\" and the RationalValue::toLong function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.exiv2.org/changelog.html", "refsource": "CONFIRM", "url": "http://www.exiv2.org/changelog.html"}, {"name": "MDVSA-2008:119", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:119"}, {"name": "USN-655-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-655-1"}, {"name": "29586", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29586"}, {"name": "exiv2-printing-dos(42885)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42885"}, {"name": "SUSE-SR:2008:023", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"}, {"name": "http://dev.robotbattle.com/bugs/view.php?id=0000546", "refsource": "MISC", "url": "http://dev.robotbattle.com/bugs/view.php?id=0000546"}, {"name": "http://bugzilla.gnome.org/show_bug.cgi?id=524715", "refsource": "MISC", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=524715"}, {"name": "30519", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30519"}, {"name": "ADV-2008-1766", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1766/references"}, {"name": "32273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32273"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:14:14.025Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.exiv2.org/changelog.html"}, {"name": "MDVSA-2008:119", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:119"}, {"name": "USN-655-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-655-1"}, {"name": "29586", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29586"}, {"name": "exiv2-printing-dos(42885)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42885"}, {"name": "SUSE-SR:2008:023", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://dev.robotbattle.com/bugs/view.php?id=0000546"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=524715"}, {"name": "30519", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30519"}, {"name": "ADV-2008-1766", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1766/references"}, {"name": "32273", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32273"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2696", "datePublished": "2008-06-13T19:19:00", "dateReserved": "2008-06-13T00:00:00", "dateUpdated": "2024-08-07T09:14:14.025Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exiv2:exiv2:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "1E739A33-3A1E-4AE8-B3A3-022D3D385354", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to \"pretty printing\" and the RationalValue::toLong function."}, {"lang": "es", "value": "Exiv2 0.16 permite a atacantes remotos asistidos por el usuario provocar una denegaci\u00f3n de servicio (divisi\u00f3n por cero y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un valor 0 en Nikon lens information en los metadatos de una imagen, relacionada con \"pretty printing\" y la funcion RationalValue::toLong."}], "id": "CVE-2008-2696", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-06-13T19:41:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=524715"}, {"source": "cve@mitre.org", "url": "http://dev.robotbattle.com/bugs/view.php?id=0000546"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30519"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32273"}, {"source": "cve@mitre.org", "url": "http://www.exiv2.org/changelog.html"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:119"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29586"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-655-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1766/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=524715"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev.robotbattle.com/bugs/view.php?id=0000546"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30519"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exiv2.org/changelog.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-655-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1766/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42885"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}