Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Exiv2
(Exiv2)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 115 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-05-29 | CVE-2018-11531 | Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | Ubuntu_linux, Debian_linux, Exiv2 | 9.8 | ||
| 2017-11-17 | CVE-2017-1000126 | exiv2 0.26 contains a Stack out of bounds read in webp parser | Exiv2 | 5.5 | ||
| 2018-02-12 | CVE-2017-17724 | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file. | Exiv2 | 6.5 | ||
| 2018-02-12 | CVE-2017-17723 | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file. | Exiv2 | 8.1 | ||
| 2018-02-12 | CVE-2017-17722 | In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file. | Exiv2 | 6.5 | ||
| 2017-09-29 | CVE-2017-14863 | A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | Exiv2 | 5.5 | ||
| 2017-09-29 | CVE-2017-14861 | There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | Exiv2 | 5.5 | ||
| 2017-09-29 | CVE-2017-14860 | There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | Exiv2 | 5.5 | ||
| 2017-08-18 | CVE-2017-12957 | There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. | Exiv2 | 6.5 | ||
| 2017-07-17 | CVE-2017-11338 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | Exiv2 | 6.5 |