VYPR

rpm package

suse/exiv2&distro=SUSE Linux Enterprise Software Development Kit 12 SP5

pkg:rpm/suse/exiv2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Vulnerabilities (15)

  • CVE-2021-37620, Aug 9, 2021
    affected < 0.23-12.18.1, fixed 0.23-12.18.1

    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a craft

  • CVE-2021-34334, Aug 9, 2021
    affected < 0.23-12.18.1, fixed 0.23-12.18.1

    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cau

  • CVE-2021-32815, Aug 9, 2021
    affected < 0.23-12.18.1, fixed 0.23-12.18.1

    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability

  • CVE-2021-32617, May 17, 2021
    affected < 0.23-12.11.1, fixed 0.23-12.11.1

    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to

  • CVE-2021-29473, Apr 26, 2021
    affected < 0.23-12.18.1, fixed 0.23-12.18.1

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and m

  • CVE-2021-29457, Apr 19, 2021
    affected < 0.23-12.18.1, fixed 0.23-12.18.1

    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted im

  • CVE-2019-20421, Jan 27, 2020
    affected < 0.23-12.8.1, fixed 0.23-12.8.1

    In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

  • CVE-2019-17402, Oct 9, 2019
    affected < 0.23-12.8.1, fixed 0.23-12.8.1

    Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.

  • CVE-2019-13113, Jun 30, 2019
    affected < 0.23-12.8.1, fixed 0.23-12.8.1

    Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.

  • CVE-2019-13112, Jun 30, 2019
    affected < 0.23-12.18.1, fixed 0.23-12.18.1

    A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.

  • CVE-2019-13110, Jun 30, 2019
    affected < 0.23-12.8.1, fixed 0.23-12.8.1

    A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.

  • CVE-2018-20097, Dec 12, 2018
    affected < 0.23-12.18.1, fixed 0.23-12.18.1

    There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

  • CVE-2018-19535, Nov 26, 2018
    affected < 0.23-12.21.1, fixed 0.23-12.21.1

    In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.

  • CVE-2018-17581, Med, Sep 28, 2018
    affected < 0.23-12.8.1, fixed 0.23-12.8.1

    CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to denial of service.

  • CVE-2017-9239, Med, May 26, 2017
    affected < 0.23-12.8.1, fixed 0.23-12.8.1

    An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulne