rpm package
suse/exiv2&distro=SUSE Linux Enterprise Desktop 12 SP4
pkg:rpm/suse/exiv2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-11531 | Cri | 9.8 | < 0.23-12.5.1 | 0.23-12.5.1 | May 29, 2018 | Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | |
| CVE-2018-10998 | Med | 6.5 | < 0.23-12.5.1 | 0.23-12.5.1 | May 12, 2018 | An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | |
| CVE-2018-10958 | Med | 6.5 | < 0.23-12.5.1 | 0.23-12.5.1 | May 10, 2018 | In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. | |
| CVE-2017-17669 | Med | 5.5 | < 0.23-12.5.1 | 0.23-12.5.1 | Dec 13, 2017 | There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. | |
| CVE-2017-14864 | Med | 5.5 | < 0.23-12.5.1 | 0.23-12.5.1 | Sep 29, 2017 | An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |
| CVE-2017-14862 | Med | 5.5 | < 0.23-12.5.1 | 0.23-12.5.1 | Sep 29, 2017 | An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |
| CVE-2017-14859 | Med | 5.5 | < 0.23-12.5.1 | 0.23-12.5.1 | Sep 29, 2017 | An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |
| CVE-2017-11683 | Med | 6.5 | < 0.23-12.5.1 | 0.23-12.5.1 | Jul 27, 2017 | There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |
| CVE-2017-11591 | Hig | 7.5 | < 0.23-12.5.1 | 0.23-12.5.1 | Jul 24, 2017 | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. |
- affected < 0.23-12.5.1fixed 0.23-12.5.1
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
- affected < 0.23-12.5.1fixed 0.23-12.5.1
There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.