rpm package
opensuse/exiv2&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/exiv2&distro=openSUSE%20Tumbleweed
Vulnerabilities (48)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-12957 | Med | 6.5 | | < 0.27.4-1.2 | 0.27.4-1.2 | Aug 18, 2017 | There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. |
| CVE-2017-12955 | Hig | 8.8 | | < 0.27.4-1.2 | 0.27.4-1.2 | Aug 18, 2017 | There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact. |
| CVE-2017-11591 | Hig | 7.5 | | < 0.27.4-1.2 | 0.27.4-1.2 | Jul 24, 2017 | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. |
| CVE-2017-11340 | Med | 6.5 | | < 0.27.4-1.2 | 0.27.4-1.2 | Jul 17, 2017 | There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack. |
| CVE-2017-11338 | Med | 6.5 | | < 0.27.4-1.2 | 0.27.4-1.2 | Jul 17, 2017 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. |
| CVE-2017-9239 | Med | 6.5 | | < 0.27.5-4.1 | 0.27.5-4.1 | May 26, 2017 | An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulne |
| CVE-2014-9449 | — | | | < 0.25-3.4 | 0.25-3.4 | Jan 2, 2015 | Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file. |
| CVE-2007-6353 | — | | | < 0.27.4-1.2 | 0.27.4-1.2 | Dec 20, 2007 | Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. |