rpm package
suse/exiv2&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP3
pkg:rpm/suse/exiv2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-18915 | — | | | < 0.26-150000.6.16.1 | 0.26-150000.6.16.1 | Nov 3, 2018 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack. |
| CVE-2018-17581 | Medium | 6.5 | | < 0.26-150000.6.26.1 | 0.26-150000.6.26.1 | Sep 28, 2018 | CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. |
| CVE-2018-11531 | Critical | 9.8 | | < 0.26-150000.6.26.1 | 0.26-150000.6.26.1 | May 29, 2018 | Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. |
| CVE-2018-10772 | Medium | 6.5 | | < 0.26-150000.6.16.1 | 0.26-150000.6.16.1 | May 7, 2018 | The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
| CVE-2018-8977 | Medium | 6.5 | | < 0.26-150000.6.16.1 | 0.26-150000.6.16.1 | Mar 25, 2018 | In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file. |
| CVE-2018-8976 | Medium | 6.5 | | < 0.26-150000.6.16.1 | 0.26-150000.6.16.1 | Mar 25, 2018 | In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. |
| CVE-2018-5772 | Medium | 5.5 | | < 0.26-150000.6.16.1 | 0.26-150000.6.16.1 | Jan 18, 2018 | In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. |
| CVE-2017-11591 | High | 7.5 | | < 0.26-150000.6.26.1 | 0.26-150000.6.26.1 | Jul 24, 2017 | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. |