CVE-2017-14931

Vulnerability

The vulnerability resides in the ExifImageFile::readDQT function within ExifImageFileRead.cpp in OpenExif version 2.1.4. When parsing a crafted JPEG file, the function reads quantization table data into the array mJpegTables->Q[tableNum]->quantizer[openexif_jpeg_natural_order[i]] = qt[i] without proper bounds checking, leading to a stack-based buffer over-read. The affected versions are OpenExif 2.1.4 and potentially earlier releases [1][2].

Exploitation

An attacker must deliver a specially crafted JPEG file to the target. No special privileges or authentication are required; the victim only needs to open the malicious file using an application that relies on OpenExif, such as the ExifTagDump example utility. The over-read occurs during the normal parsing of the JPEG's DQT (Define Quantization Table) marker segment [1][2].

Impact

Successful exploitation results in a stack-based buffer over-read, which can cause the application to crash, leading to a denial of service. The vulnerability does not appear to allow arbitrary code execution based on the available references; the impact is limited to availability (CIA: availability) [1][2].

Mitigation

As of the publication date (2017-09-30), no official patch or fixed version of OpenExif has been released. The project appears to be abandoned or inactive, with the latest version being 2.1.4. Users should avoid processing untrusted JPEG files with applications that use OpenExif until a fix is available. There is no mention of this CVE being listed in the CISA Known Exploited Vulnerabilities (KEV) catalog [1][2].