CVE-2018-16336
https://notcve.org/view.php?id=CVE-2018-16336
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. Exiv2::Internal::PngChunk::parseTXTChunk en Exiv2 v0.26 permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap) mediante un archivo de imagen manipulado. Esta vulnerabilidad es diferente de CVE-2018-10999. • https://github.com/Exiv2/exiv2/issues/400 https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html https://usn.ubuntu.com/3852-1 • CWE-125: Out-of-bounds Read •
CVE-2018-14338 – exiv2: buffer overflow in samples/geotag.cpp
https://notcve.org/view.php?id=CVE-2018-14338
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow. samples/geotag.cpp en el código de ejemplo de Exiv2 0.26 utiliza erróneamente la función realpath en las plataformas POSIX (diferentes de la plataforma de Apple) donde no se emplea glibc. Esto podría conducir a un desbordamiento de búfer. • https://github.com/Exiv2/exiv2/issues/382 https://access.redhat.com/security/cve/CVE-2018-14338 https://bugzilla.redhat.com/show_bug.cgi?id=1609396 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2018-14046 – exiv2: heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp
https://notcve.org/view.php?id=CVE-2018-14046
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. Exiv2 0.26 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en WebPImage::decodeChunks en webpimage.cpp. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/378 https://access.redhat.com/security/cve/CVE-2018-14046 https://bugzilla.redhat.com/show_bug.cgi?id=1601628 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVE-2018-12265 – exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp
https://notcve.org/view.php?id=CVE-2018-12265
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. Exiv2 0.26 tiene un desbordamiento de enteros en la clase LoaderExifJpeg en preview.cpp, lo que conduce a una lectura fuera de límites en Exiv2::MemIo::read en basicio.cpp. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/365 https://github.com/TeamSeri0us/pocs/blob/master/exiv2/1-out-of-read-Poc https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html https://security.gentoo.org/glsa/201811-14 https://usn.ubuntu.com/3700-1 https://www.debian.org/security/2018/dsa-4238 https://access.redhat.com/security/cve/CVE-2018 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVE-2018-12264 – exiv2: integer overflow in getData function in preview.cpp
https://notcve.org/view.php?id=CVE-2018-12264
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. Exiv2 0.26 tiene desbordamientos de enteros en LoaderTiff::getData() en preview.cpp, lo que conduce a una lectura fuera de límites en Exiv2::ValueType::setDataArea en value.hpp. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/366 https://github.com/TeamSeri0us/pocs/blob/master/exiv2/2-out-of-read-Poc https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html https://security.gentoo.org/glsa/201811-14 https://usn.ubuntu.com/3700-1 https://www.debian.org/security/2018/dsa-4238 https://access.redhat.com/security/cve/CVE-2018 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •