rpm package
suse/exiv2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
pkg:rpm/suse/exiv2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Vulnerabilities (15)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-37620 | — | | | < 0.23-12.18.1 | 0.23-12.18.1 | Aug 9, 2021 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a craft |
| CVE-2021-34334 | — | | | < 0.23-12.18.1 | 0.23-12.18.1 | Aug 9, 2021 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cau |
| CVE-2021-32815 | — | | | < 0.23-12.18.1 | 0.23-12.18.1 | Aug 9, 2021 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability |
| CVE-2021-32617 | — | | | < 0.23-12.11.1 | 0.23-12.11.1 | May 17, 2021 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to |
| CVE-2021-29473 | — | | | < 0.23-12.18.1 | 0.23-12.18.1 | Apr 26, 2021 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and m |
| CVE-2021-29457 | — | | | < 0.23-12.18.1 | 0.23-12.18.1 | Apr 19, 2021 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted im |
| CVE-2019-20421 | — | | | < 0.23-12.8.1 | 0.23-12.8.1 | Jan 27, 2020 | In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. |
| CVE-2019-17402 | — | | | < 0.23-12.8.1 | 0.23-12.8.1 | Oct 9, 2019 | Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. |
| CVE-2019-13113 | — | | | < 0.23-12.8.1 | 0.23-12.8.1 | Jun 30, 2019 | Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. |
| CVE-2019-13112 | — | | | < 0.23-12.18.1 | 0.23-12.18.1 | Jun 30, 2019 | A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. |
| CVE-2019-13110 | — | | | < 0.23-12.8.1 | 0.23-12.8.1 | Jun 30, 2019 | A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. |
| CVE-2018-20097 | — | | | < 0.23-12.18.1 | 0.23-12.18.1 | Dec 12, 2018 | There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. |
| CVE-2018-19535 | — | | | < 0.23-12.21.1 | 0.23-12.21.1 | Nov 26, 2018 | In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. |
| CVE-2018-17581 | Med | 6.5 | | < 0.23-12.8.1 | 0.23-12.8.1 | Sep 28, 2018 | CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. |
| CVE-2017-9239 | Med | 6.5 | | < 0.23-12.8.1 | 0.23-12.8.1 | May 26, 2017 | An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulne |