rpm package
opensuse/exiv2-0_26&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/exiv2-0_26&distro=openSUSE%20Leap%2015.4
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-20097 | — | | | < 0.26-150400.9.21.1 | 0.26-150400.9.21.1 | Dec 12, 2018 | There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. |
| CVE-2018-17581 | Med | 6.5 | | < 0.26-150400.9.21.1 | 0.26-150400.9.21.1 | Sep 28, 2018 | CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. |
| CVE-2018-11531 | Cri | 9.8 | | < 0.26-150400.9.21.1 | 0.26-150400.9.21.1 | May 29, 2018 | Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. |
| CVE-2017-1000128 | Med | 5.5 | | < 0.26-150400.9.16.1 | 0.26-150400.9.16.1 | Nov 17, 2017 | Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser |
| CVE-2017-11591 | Hig | 7.5 | | < 0.26-150400.9.21.1 | 0.26-150400.9.21.1 | Jul 24, 2017 | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. |
Page 2 of 2