Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Exiv2
(Exiv2)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 115 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-23 | CVE-2020-18771 | Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. | Debian_linux, Exiv2 | 8.1 | ||
| 2021-08-23 | CVE-2020-18773 | An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | Exiv2 | 6.5 | ||
| 2021-08-23 | CVE-2020-18774 | A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | Exiv2 | 6.5 | ||
| 2023-11-06 | CVE-2023-44398 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they... | Exiv2 | 8.8 | ||
| 2017-05-26 | CVE-2017-9239 | An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file. | Ubuntu_linux, Exiv2 | 6.5 | ||
| 2018-12-12 | CVE-2018-20096 | There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. | Exiv2 | 6.5 | ||
| 2018-12-12 | CVE-2018-20097 | There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. | Debian_linux, Exiv2, Fedora, Enterprise_linux_dekstop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2018-12-12 | CVE-2018-20098 | There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. | Exiv2 | 6.5 | ||
| 2018-12-12 | CVE-2018-20099 | There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. | Exiv2 | 6.5 | ||
| 2019-06-30 | CVE-2019-13108 | An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. | Exiv2, Fedora | 6.5 |