Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Exiv2
(Exiv2)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 115 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-22 | CVE-2020-18831 | Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file. | Exiv2 | 7.8 | ||
| 2018-05-12 | CVE-2018-10998 | An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | Ubuntu_linux, Debian_linux, Exiv2, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2018-11-08 | CVE-2018-19107 | In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. | Ubuntu_linux, Debian_linux, Exiv2, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2017-07-27 | CVE-2017-11683 | There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | Ubuntu_linux, Debian_linux, Exiv2 | 6.5 | ||
| 2021-07-13 | CVE-2020-19716 | A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). | Debian_linux, Exiv2 | 6.5 | ||
| 2017-07-24 | CVE-2017-11591 | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | Ubuntu_linux, Debian_linux, Exiv2 | 7.5 | ||
| 2017-09-29 | CVE-2017-14859 | An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | Ubuntu_linux, Debian_linux, Exiv2 | 5.5 | ||
| 2017-09-29 | CVE-2017-14862 | An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | Ubuntu_linux, Debian_linux, Exiv2 | 5.5 | ||
| 2017-09-29 | CVE-2017-14864 | An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | Ubuntu_linux, Debian_linux, Exiv2 | 5.5 | ||
| 2017-12-13 | CVE-2017-17669 | There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. | Ubuntu_linux, Debian_linux, Exiv2 | 5.5 |