CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29470 – Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
https://notcve.org/view.php?id=CVE-2021-29470
23 Apr 2021 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when... • https://github.com/Exiv2/exiv2/pull/1581 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 2%CPEs: 5EXPL: 1CVE-2021-29457 – Heap buffer overflow in Exiv2::Jp2Image::doWriteMetadata
https://notcve.org/view.php?id=CVE-2021-29457
19 Apr 2021 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, whi... • https://github.com/Exiv2/exiv2/issues/1529 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29458 – Out-of-bounds read in Exiv2::Internal::CrwMap::encode
https://notcve.org/view.php?id=CVE-2021-29458
19 Apr 2021 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when... • https://github.com/Exiv2/exiv2/issues/1530 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3482 – exiv2: Heap-based buffer overflow in Jp2Image::readMetadata()
https://notcve.org/view.php?id=CVE-2021-3482
08 Apr 2021 — A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. Se encontró un fallo en Exiv2 en versiones anteriores e incluyendo 0.27.4-RC1. Una comprobación inapropiada de la entrada de la propiedad rawData.size en la función Jp2Image::readMetadata() en el archivo jp2image.cpp puede conllevar a un de... • https://bugzilla.redhat.com/show_bug.cgi?id=1946314 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14982
https://notcve.org/view.php?id=CVE-2019-14982
12 Aug 2019 — In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash. En Exiv2 anterior a la versió v0.27.2, hay una vulnerabilidad de desbordamiento de enteros en la función WebPImage :: getHeaderOffset en webpimage.cpp. Puede provocar una vulnerabilidad de desbordamiento del búfer y un bloqueo. • https://github.com/Exiv2/exiv2/compare/v0.27.2-RC2...v0.27.2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-13504
https://notcve.org/view.php?id=CVE-2019-13504
11 Jul 2019 — There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. Hay una lectura fuera de límites en la función Exiv2::MrwImage::readMetadata en el archivo mrwimage.cpp en Exiv2 hasta versión 0.27.2. • http://www.securityfocus.com/bid/109117 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-13113 – exiv2: invalid data location in CRW image file causing denial of service
https://notcve.org/view.php?id=CVE-2019-13113
30 Jun 2019 — Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. Exiv2 hasta la versión 0.27.1, permite a un atacante causar una denegación de servicio (bloqueo debido a un fallo de aserción) por medio de una ubicación de datos no válida en un archivo de imagen CRW. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. Issues addressed incl... • https://github.com/Exiv2/exiv2/issues/841 • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-13111 – exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service
https://notcve.org/view.php?id=CVE-2019-13111
30 Jun 2019 — A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. Un desbordamiento de enteros en la función WebPImage::decodeChunks en Exiv2 hasta la versión 0.27.1, permite a un atacante causar una denegación de servicio (asignación de un pila larga seguida de un bucle muy largo) por medio de un archivo de imagen WEBP creado. The exiv2 packages provide a command line... • https://github.com/Exiv2/exiv2/issues/791 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-13109 – exiv2: denial of service in PngImage::readMetadata
https://notcve.org/view.php?id=CVE-2019-13109
30 Jun 2019 — An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction. Un desbordamiento de enteros en Exiv2 hasta la versión 0.27.1, permite a un atacante causar una denegación de servicio (SIGSEGV) por medio de un archivo de imagen PNG creado, debido a que PngImage::readMetadata maneja de manera inapropiada una sustracción chunkLength - iccOffset. The exiv2 packages... • https://github.com/Exiv2/exiv2/issues/790 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-13108
https://notcve.org/view.php?id=CVE-2019-13108
30 Jun 2019 — An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. Un desbordamiento de enteros en Exiv2 hasta la versión 0.27.1, permite a un atacante causar una denegación de servicio (SIGSEGV) por medio de un archivo de imagen PNG creado, debido a que PngImage::readMetadata no maneja un valor cero para iccOffset. • https://github.com/Exiv2/exiv2/issues/789 • CWE-190: Integer Overflow or Wraparound •