Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Exiv2
(Exiv2)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 115 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-01-27 | CVE-2019-20421 | In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. | Ubuntu_linux, Debian_linux, Exiv2 | 7.5 | ||
2018-09-19 | CVE-2018-17230 | Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. | Exiv2 | 6.5 | ||
2018-09-19 | CVE-2018-17229 | Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. | Exiv2 | 6.5 | ||
2018-05-29 | CVE-2018-11531 | Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | Ubuntu_linux, Debian_linux, Exiv2 | 9.8 | ||
2017-11-17 | CVE-2017-1000126 | exiv2 0.26 contains a Stack out of bounds read in webp parser | Exiv2 | 5.5 | ||
2018-02-12 | CVE-2017-17724 | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file. | Exiv2 | 6.5 | ||
2018-02-12 | CVE-2017-17723 | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file. | Exiv2 | 8.1 | ||
2018-02-12 | CVE-2017-17722 | In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file. | Exiv2 | 6.5 | ||
2017-09-29 | CVE-2017-14863 | A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | Exiv2 | 5.5 | ||
2017-09-29 | CVE-2017-14861 | There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | Exiv2 | 5.5 |