CVE-2018-17282 – exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash
https://notcve.org/view.php?id=CVE-2018-17282
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference. Se ha descubierto un problema en Exiv2 v0.26. La función Exiv2::DataValue::copy en value.cpp tiene una desreferencia de puntero NULL. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/457 https://access.redhat.com/security/cve/CVE-2018-17282 https://bugzilla.redhat.com/show_bug.cgi?id=1632490 • CWE-476: NULL Pointer Dereference •
CVE-2018-17230 – exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp
https://notcve.org/view.php?id=CVE-2018-17230
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. Exiv2::ul2Data en types.cpp en Exiv2 v0.26 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) mediante un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://github.com/Exiv2/exiv2/issues/455 https://access.redhat.com/security/cve/CVE-2018-17230 https://bugzilla.redhat.com/show_bug.cgi?id=1632484 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2018-17229 – exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp
https://notcve.org/view.php?id=CVE-2018-17229
Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. Exiv2::d2Data en types.cpp en Exiv2 v0.26 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) mediante un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://github.com/Exiv2/exiv2/issues/453 https://access.redhat.com/security/cve/CVE-2018-17229 https://bugzilla.redhat.com/show_bug.cgi?id=1632481 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2018-16336
https://notcve.org/view.php?id=CVE-2018-16336
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. Exiv2::Internal::PngChunk::parseTXTChunk en Exiv2 v0.26 permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap) mediante un archivo de imagen manipulado. Esta vulnerabilidad es diferente de CVE-2018-10999. • https://github.com/Exiv2/exiv2/issues/400 https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html https://usn.ubuntu.com/3852-1 • CWE-125: Out-of-bounds Read •
CVE-2018-14338 – exiv2: buffer overflow in samples/geotag.cpp
https://notcve.org/view.php?id=CVE-2018-14338
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow. samples/geotag.cpp en el código de ejemplo de Exiv2 0.26 utiliza erróneamente la función realpath en las plataformas POSIX (diferentes de la plataforma de Apple) donde no se emplea glibc. Esto podría conducir a un desbordamiento de búfer. • https://github.com/Exiv2/exiv2/issues/382 https://access.redhat.com/security/cve/CVE-2018-14338 https://bugzilla.redhat.com/show_bug.cgi?id=1609396 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •