Vendor CVEs
Exiv2
All CVEs
125 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14368 | | | 0.00 | — | 0.01 | | Jul 28, 2019 | Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp. |
| CVE-2019-14370 | | | 0.00 | — | 0.01 | | Jul 28, 2019 | In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service. |
| CVE-2019-14369 | | | 0.00 | — | 0.01 | | Jul 28, 2019 | Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. |
| CVE-2019-13504 | | | 0.00 | — | 0.02 | | Jul 11, 2019 | There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. |
| CVE-2019-13113 | | | 0.00 | — | 0.02 | | Jun 30, 2019 | Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. |
| CVE-2019-13111 | | | 0.00 | — | 0.01 | | Jun 30, 2019 | A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. |
| CVE-2019-13109 | | | 0.00 | — | 0.02 | | Jun 30, 2019 | An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction. |
| CVE-2019-13108 | | | 0.00 | — | 0.01 | | Jun 30, 2019 | An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. |
| CVE-2019-13110 | | | 0.00 | — | 0.02 | | Jun 30, 2019 | A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. |
| CVE-2019-13112 | | | 0.00 | — | 0.02 | | Jun 30, 2019 | A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. |
| CVE-2019-13114 | | | 0.00 | — | 0.02 | | Jun 30, 2019 | http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. |
| CVE-2019-9144 | | | 0.00 | — | 0.03 | | Feb 25, 2019 | An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. |
| CVE-2019-9143 | | | 0.00 | — | 0.03 | | Feb 25, 2019 | An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. |
| CVE-2018-20098 | | | 0.00 | — | 0.03 | | Dec 12, 2018 | There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. |
| CVE-2018-20096 | | | 0.00 | — | 0.03 | | Dec 12, 2018 | There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. |
| CVE-2018-20099 | | | 0.00 | — | 0.02 | | Dec 12, 2018 | There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. |
| CVE-2018-20097 | | | 0.00 | — | 0.02 | | Dec 12, 2018 | There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. |
| CVE-2018-19607 | | | 0.00 | — | 0.02 | | Nov 27, 2018 | Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. |
| CVE-2018-19535 | | | 0.00 | — | 0.02 | | Nov 26, 2018 | In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. |
| CVE-2018-19108 | | | 0.00 | — | 0.02 | | Nov 8, 2018 | In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. |
| CVE-2018-19107 | | | 0.00 | — | 0.02 | | Nov 8, 2018 | In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. |
| CVE-2018-18915 | | | 0.00 | — | 0.02 | | Nov 3, 2018 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack. |
| CVE-2014-9449 | | | 0.00 | — | 0.04 | | Jan 2, 2015 | Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file. |
| CVE-2008-2696 | | | 0.00 | — | 0.02 | | Jun 13, 2008 | Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function. |
| CVE-2007-6353 | | | 0.00 | — | 0.05 | | Dec 20, 2007 | Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. |
Page 3 of 3