rpm package
almalinux/libgexiv2
pkg:rpm/almalinux/libgexiv2
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-14338 | High | 8.1 | | < 0.10.8-4.el8 | 0.10.8-4.el8 | Jul 17, 2018 | samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow. |
| CVE-2018-11037 | Medium | 6.5 | | < 0.10.8-4.el8 | 0.10.8-4.el8 | May 14, 2018 | In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. |
| CVE-2018-10772 | Medium | 6.5 | | < 0.10.8-4.el8 | 0.10.8-4.el8 | May 7, 2018 | The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
| CVE-2018-9305 | High | 8.1 | | < 0.10.8-4.el8 | 0.10.8-4.el8 | Apr 4, 2018 | In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case. |
| CVE-2018-9304 | Medium | 6.5 | | < 0.10.8-4.el8 | 0.10.8-4.el8 | Apr 4, 2018 | In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service. |
| CVE-2018-9303 | Medium | 6.5 | | < 0.10.8-4.el8 | 0.10.8-4.el8 | Apr 4, 2018 | In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort. |
| CVE-2018-4868 | Medium | 5.5 | | < 0.10.8-4.el8 | 0.10.8-4.el8 | Jan 3, 2018 | The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file. |
| CVE-2017-18005 | Medium | 5.5 | | < 0.10.8-4.el8 | 0.10.8-4.el8 | Dec 31, 2017 | Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. |
Page 2 of 2