VYPR

Exiv2

by Exiv2

pypi: exiv2

CVEs (125)

  • CVE-2017-9239 | Med | May 26, 2017
    risk 0.42 | cvss 6.5 | epss 0.03

    An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this…

  • CVE-2018-5772 | Med | Jan 18, 2018
    risk 0.36 | cvss 5.5 | epss 0.02

    In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.

  • CVE-2018-4868 | Med | Jan 3, 2018
    risk 0.36 | cvss 5.5 | epss 0.01

    The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.

  • CVE-2017-18005 | Med | Dec 31, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    Exiv2 0.26 has a NULL pointer dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.

  • CVE-2017-17669 | Med | Dec 13, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.

  • CVE-2017-1000128 | Med | Nov 17, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    Exiv2 0.26 contains a stack out-of-bounds read in the JPEG2000 parser.

  • CVE-2017-1000127 | Med | Nov 17, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    Exiv2 0.26 contains a heap buffer overflow in the TIFF parser.

  • CVE-2017-1000126 | Med | Nov 17, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    Exiv2 0.26 contains a stack out-of-bounds read in the WebP parser.

  • CVE-2017-14866 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.

  • CVE-2017-14865 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.

  • CVE-2017-14864 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14863 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14862 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14861 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.

  • CVE-2017-14860 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.

  • CVE-2017-14859 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14858 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.

  • CVE-2017-14857 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a segmentation fault. A crafted input will lead to a denial of service attack.

  • CVE-2005-4676 | Dec 31, 2005
    risk 0.03 | cvss | epss 0.04

    Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.

  • CVE-2026-25884 | Mar 2, 2026
    risk 0.00 | cvss | epss 0.00

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
