VYPR

rpm package

suse/exiv2&distro=SUSE Linux Enterprise Server for SAP applications 16.0

pkg:rpm/suse/exiv2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0

Vulnerabilities (9)

  • CVE-2026-25884Mar 2, 2026
    affected < 0.28.8-160000.1.1fixed 0.28.8-160000.1.1

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.

  • CVE-2026-27596Mar 2, 2026
    affected < 0.28.8-160000.1.1fixed 0.28.8-160000.1.1

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2

  • CVE-2026-27631Mar 2, 2026
    affected < 0.28.8-160000.1.1fixed 0.28.8-160000.1.1

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2

  • CVE-2025-55304Aug 29, 2025
    affected < 0.28.8-160000.1.1fixed 0.28.8-160000.1.1

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to

  • CVE-2025-54080Aug 29, 2025
    affected < 0.28.8-160000.1.1fixed 0.28.8-160000.1.1

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafte

  • CVE-2025-26623Feb 18, 2025
    affected < 0.28.8-160000.1.1fixed 0.28.8-160000.1.1

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-

  • CVE-2024-39695Jul 8, 2024
    affected < 0.28.8-160000.1.1fixed 0.28.8-160000.1.1

    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. Th

  • CVE-2024-24826Feb 12, 2024
    affected < 0.28.8-160000.1.1fixed 0.28.8-160000.1.1

    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions

  • CVE-2024-25112Feb 12, 2024
    affected < 0.28.8-160000.1.1fixed 0.28.8-160000.1.1

    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `Qu