{"id":"CVE-2014-9449","details":"Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.","modified":"2026-02-04T08:28:18.708753Z","published":"2015-01-02T20:59:08Z","related":["openSUSE-SU-2024:10203-1"],"references":[{"type":"ADVISORY","url":"http://dev.exiv2.org/issues/960"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148382.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/61801"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2454-1"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201507-03"},{"type":"REPORT","url":"http://dev.exiv2.org/issues/960"},{"type":"REPORT","url":"http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263"},{"type":"REPORT","url":"http://secunia.com/advisories/61801"},{"type":"WEB","url":"http://www.securityfocus.com/bid/71912"}],"schema_version":"1.7.3"}