Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Exiv2
(Exiv2)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 113 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-06-30 | CVE-2019-13111 | A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. | Exiv2, Fedora | 5.5 | ||
2018-05-12 | CVE-2018-10998 | An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | Ubuntu_linux, Debian_linux, Exiv2, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
2018-11-08 | CVE-2018-19107 | In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. | Ubuntu_linux, Debian_linux, Exiv2, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
2021-08-09 | CVE-2021-32815 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2... | Debian_linux, Exiv2, Fedora | 5.5 | ||
2021-08-09 | CVE-2021-34334 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5. | Debian_linux, Exiv2, Fedora | 5.5 | ||
2021-08-09 | CVE-2021-37620 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5. | Debian_linux, Exiv2, Fedora | 5.5 | ||
2019-06-30 | CVE-2019-13112 | A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. | Ubuntu_linux, Debian_linux, Exiv2, Fedora | 6.5 | ||
2019-06-30 | CVE-2019-13113 | Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. | Ubuntu_linux, Exiv2, Fedora | 6.5 | ||
2021-04-19 | CVE-2021-29458 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is... | Debian_linux, Exiv2, Fedora | 5.5 | ||
2019-06-30 | CVE-2019-13110 | A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. | Ubuntu_linux, Debian_linux, Exiv2, Fedora | 6.5 |