CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1CVE-2018-11531
https://notcve.org/view.php?id=CVE-2018-11531
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. Exiv2 0.26 tiene un desbordamiento de búfer basado en memoria dinámica (heap) en getData en preview.cpp. • https://github.com/Exiv2/exiv2/issues/283 https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html https://security.gentoo.org/glsa/201811-14 https://usn.ubuntu.com/3700-1 https://www.debian.org/security/2018/dsa-4238 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11037 – exiv2: information leak via a crafted file
https://notcve.org/view.php?id=CVE-2018-11037
In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. La función Exiv2::PngImage::printStructure en pngimage.cpp en Exiv2 0.26 permite que atacantes remotos provoquen una fuga de información mediante un archivo manipulado. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/307 https://security.gentoo.org/glsa/201811-14 https://access.redhat.com/security/cve/CVE-2018-11037 https://bugzilla.redhat.com/show_bug.cgi?id=1579544 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 1CVE-2018-10998 – exiv2: SIGABRT by triggering an incorrect Safe::add call
https://notcve.org/view.php?id=CVE-2018-10998
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. Se ha descubierto un problema en Exiv2 0.26. readMetadata en jp2image.cpp permite que atacantes remotos provoquen una denegación de servicio (SIGABRT) desencadenando una llamada Safe::add incorrecta. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/303 https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html https://security.gentoo.org/glsa/201811-14 https://usn.ubuntu.com/3700-1 https://www.debian.org/security/2018/dsa-4238 https://access.redhat.com/security/cve/CVE-2018-10998 https://bugzilla.redhat.com/show_bug.cgi?id=1579481 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-10999 – exiv2: heap-based buffer over-read in parseTXTChunk function
https://notcve.org/view.php?id=CVE-2018-10999
An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. Se ha descubierto un problema en Exiv2 0.26. La función Exiv2::Internal::PngChunk::parseTXTChunk tiene una sobrelectura de búfer basada en memoria dinámica (heap). • https://github.com/Exiv2/exiv2/issues/306 https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html https://security.gentoo.org/glsa/201811-14 https://usn.ubuntu.com/3700-1 https://www.debian.org/security/2018/dsa-4238 https://access.redhat.com/security/cve/CVE-2018-10999 https://bugzilla.redhat.com/show_bug.cgi?id=1579488 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-10958 – exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress()
https://notcve.org/view.php?id=CVE-2018-10958
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. En types.cpp en Exiv2 0.26, un valor de tamaño largo podría conducir a un SIGABRT durante un intento de asignación de memoria en una llamada Exiv2::Internal::PngChunk::zlibUncompress. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/302 https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html https://security.gentoo.org/glsa/201811-14 https://usn.ubuntu.com/3700-1 https://www.debian.org/security/2018/dsa-4238 https://access.redhat.com/security/cve/CVE-2018-10958 https://bugzilla.redhat.com/show_bug.cgi?id=1578659 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •