Exiv2
by Exiv2
CVEs (125)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9239 | | Med | 0.42 | 6.5 | 0.03 | | May 26, 2017 | An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this… |
| CVE-2018-5772 | | Med | 0.36 | 5.5 | 0.02 | | Jan 18, 2018 | In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. |
| CVE-2018-4868 | | Med | 0.36 | 5.5 | 0.01 | | Jan 3, 2018 | The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file. |
| CVE-2017-18005 | | Med | 0.36 | 5.5 | 0.01 | | Dec 31, 2017 | Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. |
| CVE-2017-17669 | | Med | 0.36 | 5.5 | 0.02 | | Dec 13, 2017 | There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. |
| CVE-2017-1000128 | | Med | 0.36 | 5.5 | 0.01 | | Nov 17, 2017 | Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser |
| CVE-2017-1000127 | | Med | 0.36 | 5.5 | 0.01 | | Nov 17, 2017 | Exiv2 0.26 contains a heap buffer overflow in tiff parser |
| CVE-2017-1000126 | | Med | 0.36 | 5.5 | 0.01 | | Nov 17, 2017 | exiv2 0.26 contains a Stack out of bounds read in webp parser |
| CVE-2017-14866 | | Med | 0.36 | 5.5 | 0.01 | | Sep 29, 2017 | There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. |
| CVE-2017-14865 | | Med | 0.36 | 5.5 | 0.01 | | Sep 29, 2017 | There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. |
| CVE-2017-14864 | | Med | 0.36 | 5.5 | 0.01 | | Sep 29, 2017 | An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. |
| CVE-2017-14863 | | Med | 0.36 | 5.5 | 0.01 | | Sep 29, 2017 | A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. |
| CVE-2017-14862 | | Med | 0.36 | 5.5 | 0.01 | | Sep 29, 2017 | An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. |
| CVE-2017-14861 | | Med | 0.36 | 5.5 | 0.01 | | Sep 29, 2017 | There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. |
| CVE-2017-14860 | | Med | 0.36 | 5.5 | 0.01 | | Sep 29, 2017 | There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. |
| CVE-2017-14859 | | Med | 0.36 | 5.5 | 0.01 | | Sep 29, 2017 | An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. |
| CVE-2017-14858 | | Med | 0.36 | 5.5 | 0.01 | | Sep 29, 2017 | There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. |
| CVE-2017-14857 | | Med | 0.36 | 5.5 | 0.01 | | Sep 29, 2017 | In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack. |
| CVE-2005-4676 | | | 0.03 | — | 0.04 | | Dec 31, 2005 | Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata. |
| CVE-2026-25884 | | | 0.00 | — | 0.00 | | Mar 2, 2026 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8. |