VYPR

rpm package

almalinux/libgexiv2-devel

pkg:rpm/almalinux/libgexiv2-devel

Vulnerabilities (28)

  • CVE-2018-14338 (High, Jul 17, 2018)
    affected: < 0.10.8-4.el8; fixed: 0.10.8-4.el8

    samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.

  • CVE-2018-11037 (Medium, May 14, 2018)
    affected: < 0.10.8-4.el8; fixed: 0.10.8-4.el8

    In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.

  • CVE-2018-10772 (Medium, May 7, 2018)
    affected: < 0.10.8-4.el8; fixed: 0.10.8-4.el8

    The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2018-9305 (High, Apr 4, 2018)
    affected: < 0.10.8-4.el8; fixed: 0.10.8-4.el8

    In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.

  • CVE-2018-9304 (Medium, Apr 4, 2018)
    affected: < 0.10.8-4.el8; fixed: 0.10.8-4.el8

    In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.

  • CVE-2018-9303 (Medium, Apr 4, 2018)
    affected: < 0.10.8-4.el8; fixed: 0.10.8-4.el8

    In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.

  • CVE-2018-4868 (Medium, Jan 3, 2018)
    affected: < 0.10.8-4.el8; fixed: 0.10.8-4.el8

    The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.

  • CVE-2017-18005 (Medium, Dec 31, 2017)
    affected: < 0.10.8-4.el8; fixed: 0.10.8-4.el8

    Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.

Page 2 of 2