Filtered by vendor Exiv2
Subscriptions
Filtered by product Exiv2
Subscriptions
Total
116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10780 | 1 Exiv2 | 1 Exiv2 | 2024-08-05 | N/A |
| Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read. | ||||
| CVE-2018-9303 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-08-05 | N/A |
| In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort. | ||||
| CVE-2018-9305 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-08-05 | N/A |
| In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case. | ||||
| CVE-2018-9304 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-08-05 | N/A |
| In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service. | ||||
| CVE-2018-9144 | 1 Exiv2 | 1 Exiv2 | 2024-08-05 | N/A |
| In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure. | ||||
| CVE-2018-9145 | 1 Exiv2 | 1 Exiv2 | 2024-08-05 | N/A |
| In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file. | ||||
| CVE-2018-8976 | 3 Debian, Exiv2, Redhat | 6 Debian Linux, Exiv2, Enterprise Linux and 3 more | 2024-08-05 | 6.5 Medium |
| In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. | ||||
| CVE-2018-8977 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-08-05 | N/A |
| In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file. | ||||
| CVE-2018-5772 | 1 Exiv2 | 1 Exiv2 | 2024-08-05 | N/A |
| In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. | ||||
| CVE-2018-4868 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-08-05 | N/A |
| The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file. | ||||
| CVE-2019-20421 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-08-05 | 7.5 High |
| In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. | ||||
| CVE-2019-17402 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-08-05 | 6.5 Medium |
| Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. | ||||
| CVE-2019-14982 | 1 Exiv2 | 1 Exiv2 | 2024-08-05 | N/A |
| In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash. | ||||
| CVE-2019-14370 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-08-05 | 6.5 Medium |
| In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service. | ||||
| CVE-2019-14369 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-08-05 | 6.5 Medium |
| Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. | ||||
| CVE-2019-14368 | 1 Exiv2 | 1 Exiv2 | 2024-08-05 | N/A |
| Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp. | ||||
| CVE-2019-13504 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-08-04 | 6.5 Medium |
| There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. | ||||
| CVE-2019-13108 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2024-08-04 | 6.5 Medium |
| An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. | ||||
| CVE-2019-13109 | 3 Exiv2, Fedoraproject, Redhat | 3 Exiv2, Fedora, Enterprise Linux | 2024-08-04 | 6.5 Medium |
| An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction. | ||||
| CVE-2019-13110 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-08-04 | 6.5 Medium |
| A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. | ||||