VYPR

rpm package

suse/exiv2&distro=SUSE Linux Enterprise Module for Desktop Applications 15

pkg:rpm/suse/exiv2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015

Vulnerabilities (15)

  • CVE-2017-14864MedSep 29, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14862MedSep 29, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14860MedSep 29, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.

  • CVE-2017-14859MedSep 29, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-12957MedAug 18, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.

  • CVE-2017-12956MedAug 18, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.

  • CVE-2017-12955HigAug 18, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.

  • CVE-2017-11683MedJul 27, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

  • CVE-2017-11592HigJul 24, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.

  • CVE-2017-11591HigJul 24, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

  • CVE-2017-11553HigJul 23, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.

  • CVE-2017-11340MedJul 17, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack.

  • CVE-2017-11339MedJul 17, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.

  • CVE-2017-11338MedJul 17, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.

  • CVE-2017-11337MedJul 17, 2017
    affected < 0.26-6.3.1fixed 0.26-6.3.1

    There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.