CVE-2018-17230: AddressSanitizer: heap-buffer-overflow in Exiv2::ul2Data Issue Status: Closed Milestone: v0.27 Resolution Date: Jan 3, 2019 Key Information: Vulnerability Type: Heap buffer overflow in Test Environment: Ubuntu 16.04, 64-bit, Exiv2 master Detection Tool: AddressSanitizer (ASan) Poc: Provided in the comment here Details: The issue was found with mem-AFL, based on AFL, by Yanhao and Marsman1996. The CVE was assigned and tagged: CVE-2018-17230. Resolution: The issue was resolved and not present in version v0.26. Related to issue #453, the fix was committed in af98bc. Milestone: Added to v0.27 milestone.