CVE-2018-9305 – exiv2: out of bounds read in IptcData::printStructure in iptc.c
https://notcve.org/view.php?id=CVE-2018-9305
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case. En Exiv2 0.26, una lectura fuera de límites en IptcData::printStructure en iptc.c podría resultar en un cierre inesperado o una fuga de información. Esto está relacionado con el caso "== 0x1c". An out-of-bounds read vulnerability has been discovered in IptcData::printStructure in iptc.cpp file of Exiv2 0.26. An attacker could cause a crash or an information leak by providing a crafted image. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/263 https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md https://security.gentoo.org/glsa/201811-14 https://access.redhat.com/security/cve/CVE-2018-9305 https://bugzilla.redhat.com/show_bug.cgi?id=1566735 • CWE-125: Out-of-bounds Read •
CVE-2018-9144
https://notcve.org/view.php?id=CVE-2018-9144
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure. En Exiv2 0.26, existe una lectura fuera de límites en Exiv2::Internal::binaryToString en image.cpp. Esto podría resultar en una denegación de servicio (DoS) o divulgación de información. • https://github.com/Exiv2/exiv2/issues/254 https://github.com/xiaoqx/pocs/tree/master/exiv2 https://security.gentoo.org/glsa/201811-14 • CWE-125: Out-of-bounds Read •
CVE-2018-9145
https://notcve.org/view.php?id=CVE-2018-9145
In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file. En la clase DataBuf en include/exiv2/types.hpp en Exiv2 0.26, existe un problema en el constructor con un tamaño de búfer inicial. Un valor de tamaño grande puede desembocar en un SIGABRT durante un intento de asignación de memoria. • https://bugzilla.novell.com/show_bug.cgi?id=1087879 https://bugzilla.redhat.com/show_bug.cgi?id=1564281 https://github.com/xiaoqx/pocs/tree/master/exiv2 https://security.gentoo.org/glsa/201811-14 • CWE-20: Improper Input Validation •
CVE-2018-8977 – exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp
https://notcve.org/view.php?id=CVE-2018-8977
In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file. La función Exiv2::Internal::printCsLensFFFF en canonmn_int.cpp en Exiv2 0.26 permite que atacantes remotos provoquen una denegación de servicio (acceso a memoria no válido) mediante un archivo manipulado. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/247 https://security.gentoo.org/glsa/201811-14 https://access.redhat.com/security/cve/CVE-2018-8977 https://bugzilla.redhat.com/show_bug.cgi?id=1561217 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-8976 – exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp
https://notcve.org/view.php?id=CVE-2018-8976
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. En Exiv2 0.26, jpgimage.cpp permite que atacantes remotos provoquen una denegación de servicio (lectura fuera de límites de Exiv2::Internal::stringFormat en image.cpp) mediante un archivo manipulado. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/246 https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://security.gentoo.org/glsa/201811-14 https://access.redhat.com/security/cve/CVE-2018-8976 https://bugzilla.redhat.com/show_bug.cgi?id=1561213 • CWE-125: Out-of-bounds Read •