VYPR

rpm package

opensuse/exiv2-0_26&distro=openSUSE Leap 15.4

pkg:rpm/opensuse/exiv2-0_26&distro=openSUSE%20Leap%2015.4

Vulnerabilities (25)

  • CVE-2018-20097Dec 12, 2018
    affected < 0.26-150400.9.21.1fixed 0.26-150400.9.21.1

    There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

  • CVE-2018-17581MedSep 28, 2018
    affected < 0.26-150400.9.21.1fixed 0.26-150400.9.21.1

    CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.

  • CVE-2018-11531CriMay 29, 2018
    affected < 0.26-150400.9.21.1fixed 0.26-150400.9.21.1

    Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.

  • CVE-2017-1000128MedNov 17, 2017
    affected < 0.26-150400.9.16.1fixed 0.26-150400.9.16.1

    Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser

  • CVE-2017-11591HigJul 24, 2017
    affected < 0.26-150400.9.21.1fixed 0.26-150400.9.21.1

    There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

Page 2 of 2