rpm package
suse/exiv2&distro=SUSE Linux Enterprise Module for Desktop Applications 15
pkg:rpm/suse/exiv2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
Vulnerabilities (15)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-14864 | Med | 5.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Sep 29, 2017 | An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |
| CVE-2017-14862 | Med | 5.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Sep 29, 2017 | An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |
| CVE-2017-14860 | Med | 5.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Sep 29, 2017 | There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | |
| CVE-2017-14859 | Med | 5.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Sep 29, 2017 | An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |
| CVE-2017-12957 | Med | 6.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Aug 18, 2017 | There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. | |
| CVE-2017-12956 | Med | 6.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Aug 18, 2017 | There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. | |
| CVE-2017-12955 | Hig | 8.8 | < 0.26-6.3.1 | 0.26-6.3.1 | Aug 18, 2017 | There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact. | |
| CVE-2017-11683 | Med | 6.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Jul 27, 2017 | There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |
| CVE-2017-11592 | Hig | 7.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Jul 24, 2017 | There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input. | |
| CVE-2017-11591 | Hig | 7.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Jul 24, 2017 | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |
| CVE-2017-11553 | Hig | 7.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Jul 23, 2017 | There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. | |
| CVE-2017-11340 | Med | 6.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Jul 17, 2017 | There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack. | |
| CVE-2017-11339 | Med | 6.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Jul 17, 2017 | There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | |
| CVE-2017-11338 | Med | 6.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Jul 17, 2017 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |
| CVE-2017-11337 | Med | 6.5 | < 0.26-6.3.1 | 0.26-6.3.1 | Jul 17, 2017 | There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. |
- affected < 0.26-6.3.1fixed 0.26-6.3.1
An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
- affected < 0.26-6.3.1fixed 0.26-6.3.1
There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.