VYPR

rpm package

suse/exiv2&distro=SUSE Linux Enterprise Server 12 SP4

pkg:rpm/suse/exiv2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4

Vulnerabilities (15)

  • CVE-2019-20421Jan 27, 2020
    affected < 0.23-12.8.1fixed 0.23-12.8.1

    In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

  • CVE-2019-17402Oct 9, 2019
    affected < 0.23-12.8.1fixed 0.23-12.8.1

    Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.

  • CVE-2019-13113Jun 30, 2019
    affected < 0.23-12.8.1fixed 0.23-12.8.1

    Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.

  • CVE-2019-13110Jun 30, 2019
    affected < 0.23-12.8.1fixed 0.23-12.8.1

    A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.

  • CVE-2018-17581MedSep 28, 2018
    affected < 0.23-12.8.1fixed 0.23-12.8.1

    CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.

  • CVE-2018-11531CriMay 29, 2018
    affected < 0.23-12.5.1fixed 0.23-12.5.1

    Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.

  • CVE-2018-10998MedMay 12, 2018
    affected < 0.23-12.5.1fixed 0.23-12.5.1

    An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.

  • CVE-2018-10958MedMay 10, 2018
    affected < 0.23-12.5.1fixed 0.23-12.5.1

    In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.

  • CVE-2017-17669MedDec 13, 2017
    affected < 0.23-12.5.1fixed 0.23-12.5.1

    There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.

  • CVE-2017-14864MedSep 29, 2017
    affected < 0.23-12.5.1fixed 0.23-12.5.1

    An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14862MedSep 29, 2017
    affected < 0.23-12.5.1fixed 0.23-12.5.1

    An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14859MedSep 29, 2017
    affected < 0.23-12.5.1fixed 0.23-12.5.1

    An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-11683MedJul 27, 2017
    affected < 0.23-12.5.1fixed 0.23-12.5.1

    There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

  • CVE-2017-11591HigJul 24, 2017
    affected < 0.23-12.5.1fixed 0.23-12.5.1

    There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

  • CVE-2017-9239MedMay 26, 2017
    affected < 0.23-12.8.1fixed 0.23-12.8.1

    An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulne