CVE-2014-9449

Name of the Vulnerable Software and Affected Versions Exiv2 version 0.24

Description The issue is related to a buffer overflow in the RiffVideo::infoTagsHandler function, which can be triggered by a long IKEY INFO tag value in an AVI file, potentially causing a denial of service (crash).

Recommendations For Exiv2 version 0.24, as a temporary workaround, consider disabling the RiffVideo::infoTagsHandler function until a patch is available. Restrict access to AVI files with long IKEY INFO tag values to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.