Filtered by vendor Exiv2
Subscriptions
Total
118 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14370 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-08-05 | 6.5 Medium |
| In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service. | ||||
| CVE-2019-14369 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-08-05 | 6.5 Medium |
| Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. | ||||
| CVE-2019-14368 | 1 Exiv2 | 1 Exiv2 | 2024-08-05 | N/A |
| Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp. | ||||
| CVE-2019-13504 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-08-04 | 6.5 Medium |
| There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. | ||||
| CVE-2019-13108 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2024-08-04 | 6.5 Medium |
| An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. | ||||
| CVE-2019-13109 | 3 Exiv2, Fedoraproject, Redhat | 3 Exiv2, Fedora, Enterprise Linux | 2024-08-04 | 6.5 Medium |
| An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction. | ||||
| CVE-2019-13110 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-08-04 | 6.5 Medium |
| A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. | ||||
| CVE-2019-13111 | 3 Exiv2, Fedoraproject, Redhat | 3 Exiv2, Fedora, Enterprise Linux | 2024-08-04 | 5.5 Medium |
| A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. | ||||
| CVE-2019-13113 | 4 Canonical, Exiv2, Fedoraproject and 1 more | 4 Ubuntu Linux, Exiv2, Fedora and 1 more | 2024-08-04 | 6.5 Medium |
| Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. | ||||
| CVE-2019-13114 | 5 Canonical, Debian, Exiv2 and 2 more | 5 Ubuntu Linux, Debian Linux, Exiv2 and 2 more | 2024-08-04 | 6.5 Medium |
| http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. | ||||
| CVE-2019-13112 | 5 Canonical, Debian, Exiv2 and 2 more | 5 Ubuntu Linux, Debian Linux, Exiv2 and 2 more | 2024-08-04 | 6.5 Medium |
| A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. | ||||
| CVE-2019-9143 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-08-04 | N/A |
| An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2019-9144 | 1 Exiv2 | 1 Exiv2 | 2024-08-04 | N/A |
| An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2020-19716 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-08-04 | 6.5 Medium |
| A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). | ||||
| CVE-2020-18774 | 1 Exiv2 | 1 Exiv2 | 2024-08-04 | 6.5 Medium |
| A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | ||||
| CVE-2020-18773 | 1 Exiv2 | 1 Exiv2 | 2024-08-04 | 6.5 Medium |
| An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | ||||
| CVE-2020-18898 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-08-04 | 6.5 Medium |
| A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. | ||||
| CVE-2021-37622 | 3 Debian, Exiv2, Fedoraproject | 3 Debian Linux, Exiv2, Fedora | 2024-08-04 | 5.5 Medium |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5. | ||||
| CVE-2021-37621 | 3 Debian, Exiv2, Fedoraproject | 3 Debian Linux, Exiv2, Fedora | 2024-08-04 | 5.5 Medium |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5. | ||||
| CVE-2021-37623 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2024-08-04 | 5.5 Medium |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5. | ||||