CVE-2020-18831
https://notcve.org/view.php?id=CVE-2020-18831
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file. Vulnerabilidad de desbordamiento del búfer en la función tEXtToDataBuf en pngimage.cpp en Exiv2 0.27.1 que permite a atacantes remotos causar una denegación de servicio y otros impactos no especificados mediante el uso de un archivo manipulado. • https://github.com/Exiv2/exiv2/issues/828 https://www.exiv2.org/download.html • CWE-787: Out-of-bounds Write •
CVE-2020-18898 – exiv2: stack exhaustion issue in the printIFDStructure function may lead to DoS
https://notcve.org/view.php?id=CVE-2020-18898
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. Un problema de agotamiento de pila en la función printIFDStructure de Exiv2 versión 0.27, permite a atacantes remotos causar una denegación de servicio (DOS) por medio de un archivo diseñado. The exiv2 program is susceptible to a stack exhaustion issue via a crafted file. The cause of this vulnerability, is due to a flaw in the code which could allow remote attackers to cause a denial of service (DOS). The highest threat from this vulnerability is availability. • https://cwe.mitre.org/data/definitions/674.html https://github.com/Exiv2/exiv2/issues/741 https://access.redhat.com/security/cve/CVE-2020-18898 https://bugzilla.redhat.com/show_bug.cgi?id=2002678 • CWE-674: Uncontrolled Recursion CWE-787: Out-of-bounds Write •
CVE-2020-18899
https://notcve.org/view.php?id=CVE-2020-18899
An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. Una asignación de memoria no controlada en la función DataBufdata(subBox.length-sizeof(box)) de Exiv2 versión 0.27, permite a atacantes causar una denegación de servicio (DOS) por medio de una entrada diseñada. • https://cwe.mitre.org/data/definitions/789.html https://github.com/Exiv2/exiv2/issues/742 https://security.gentoo.org/glsa/202312-06 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2021-37618 – Out-of-bounds read in Exiv2::Jp2Image::printStructure
https://notcve.org/view.php?id=CVE-2021-37618
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). • https://github.com/Exiv2/exiv2/pull/1759 https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC https://security.gentoo.org/glsa/202312-06 https://access.redhat.com/security/cve/CVE-2021-37618 https://bugzilla.redhat.com/show_bug.cgi?id=1992165 • CWE-125: Out-of-bounds Read •
CVE-2021-37622 – Denial of service due to infinite loop in JpegBase::printStructure (#1)
https://notcve.org/view.php?id=CVE-2021-37622
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). • https://github.com/Exiv2/exiv2/pull/1788 https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC https://security.gentoo.org/glsa/202312-06 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •