rpm package
suse/exiv2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4
pkg:rpm/suse/exiv2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-37620 | — | < 0.23-12.18.1 | 0.23-12.18.1 | Aug 9, 2021 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a craft | ||
| CVE-2021-34334 | — | < 0.23-12.18.1 | 0.23-12.18.1 | Aug 9, 2021 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cau | ||
| CVE-2021-32815 | — | < 0.23-12.18.1 | 0.23-12.18.1 | Aug 9, 2021 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability | ||
| CVE-2021-29473 | — | < 0.23-12.18.1 | 0.23-12.18.1 | Apr 26, 2021 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and m | ||
| CVE-2021-29457 | — | < 0.23-12.18.1 | 0.23-12.18.1 | Apr 19, 2021 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted im | ||
| CVE-2019-20421 | — | < 0.23-12.8.1 | 0.23-12.8.1 | Jan 27, 2020 | In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. | ||
| CVE-2019-17402 | — | < 0.23-12.8.1 | 0.23-12.8.1 | Oct 9, 2019 | Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. | ||
| CVE-2019-13113 | — | < 0.23-12.8.1 | 0.23-12.8.1 | Jun 30, 2019 | Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. | ||
| CVE-2019-13112 | — | < 0.23-12.18.1 | 0.23-12.18.1 | Jun 30, 2019 | A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. | ||
| CVE-2019-13110 | — | < 0.23-12.8.1 | 0.23-12.8.1 | Jun 30, 2019 | A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. | ||
| CVE-2018-20097 | — | < 0.23-12.18.1 | 0.23-12.18.1 | Dec 12, 2018 | There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. | ||
| CVE-2018-17581 | Med | 6.5 | < 0.23-12.8.1 | 0.23-12.8.1 | Sep 28, 2018 | CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. | |
| CVE-2018-11531 | Cri | 9.8 | < 0.23-12.5.1 | 0.23-12.5.1 | May 29, 2018 | Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | |
| CVE-2018-10998 | Med | 6.5 | < 0.23-12.5.1 | 0.23-12.5.1 | May 12, 2018 | An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | |
| CVE-2018-10958 | Med | 6.5 | < 0.23-12.5.1 | 0.23-12.5.1 | May 10, 2018 | In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. | |
| CVE-2017-17669 | Med | 5.5 | < 0.23-12.5.1 | 0.23-12.5.1 | Dec 13, 2017 | There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. | |
| CVE-2017-14864 | Med | 5.5 | < 0.23-12.5.1 | 0.23-12.5.1 | Sep 29, 2017 | An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |
| CVE-2017-14862 | Med | 5.5 | < 0.23-12.5.1 | 0.23-12.5.1 | Sep 29, 2017 | An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |
| CVE-2017-14859 | Med | 5.5 | < 0.23-12.5.1 | 0.23-12.5.1 | Sep 29, 2017 | An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |
| CVE-2017-11683 | Med | 6.5 | < 0.23-12.5.1 | 0.23-12.5.1 | Jul 27, 2017 | There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. |
- CVE-2021-37620Aug 9, 2021affected < 0.23-12.18.1fixed 0.23-12.18.1
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a craft
- CVE-2021-34334Aug 9, 2021affected < 0.23-12.18.1fixed 0.23-12.18.1
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cau
- CVE-2021-32815Aug 9, 2021affected < 0.23-12.18.1fixed 0.23-12.18.1
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability
- CVE-2021-29473Apr 26, 2021affected < 0.23-12.18.1fixed 0.23-12.18.1
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and m
- CVE-2021-29457Apr 19, 2021affected < 0.23-12.18.1fixed 0.23-12.18.1
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted im
- CVE-2019-20421Jan 27, 2020affected < 0.23-12.8.1fixed 0.23-12.8.1
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
- CVE-2019-17402Oct 9, 2019affected < 0.23-12.8.1fixed 0.23-12.8.1
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
- CVE-2019-13113Jun 30, 2019affected < 0.23-12.8.1fixed 0.23-12.8.1
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.
- CVE-2019-13112Jun 30, 2019affected < 0.23-12.18.1fixed 0.23-12.18.1
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.
- CVE-2019-13110Jun 30, 2019affected < 0.23-12.8.1fixed 0.23-12.8.1
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.
- CVE-2018-20097Dec 12, 2018affected < 0.23-12.18.1fixed 0.23-12.18.1
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
- affected < 0.23-12.8.1fixed 0.23-12.8.1
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
Page 1 of 2