VYPR

rpm package

opensuse/exiv2&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/exiv2&distro=openSUSE%20Tumbleweed

Vulnerabilities (48)

  • CVE-2017-12957 | Medium | Aug 18, 2017
    affected < 0.27.4-1.2, fixed 0.27.4-1.2

    There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.

  • CVE-2017-12955 | High | Aug 18, 2017
    affected < 0.27.4-1.2, fixed 0.27.4-1.2

    There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.

  • CVE-2017-11591 | High | Jul 24, 2017
    affected < 0.27.4-1.2, fixed 0.27.4-1.2

    There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

  • CVE-2017-11340 | Medium | Jul 17, 2017
    affected < 0.27.4-1.2, fixed 0.27.4-1.2

    There is a segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A crafted input will lead to a remote denial of service attack.

  • CVE-2017-11338 | Medium | Jul 17, 2017
    affected < 0.27.4-1.2, fixed 0.27.4-1.2

    There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.

  • CVE-2017-9239 | Medium | May 26, 2017
    affected < 0.27.5-4.1, fixed 0.27.5-4.1

    An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulne

  • CVE-2014-9449 | Jan 2, 2015
    affected < 0.25-3.4, fixed 0.25-3.4

    Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.

  • CVE-2007-6353 | Dec 20, 2007
    affected < 0.27.4-1.2, fixed 0.27.4-1.2

    Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

Page 3 of 3