Page 3 of 36 results (0.003 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fi`. ### Patches The bug is fixed in version v0.27.5. ### References Regression test and bug fix: #1739 ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security. • https://github.com/Exiv2/exiv2/pull/1739 https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC https://security.gentoo.org/glsa/202312-06 • CWE-617: Reachable Assertion •

CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. • https://github.com/Exiv2/exiv2/pull/1657 https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM https://lists.fedoraproject.org/archives/list/package-a • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. • https://github.com/Exiv2/exiv2/pull/1627 https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM https://lists.fedoraproject.org/archives/list/package-a • CWE-908: Use of Uninitialized Resource •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. • https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3HKXR6JOVKMBE4HY4FDXNVZGNCQG6T3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDMZTVQAZSMLPTDVDYLBHAAF7I5QXVYQ https://security.gentoo.org/glsa/202312-06 https://access.redhat.com/security/cve/CVE-2021-29463 https://bugzilla.redhat.com/show_bug&# • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. • https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54 https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3HKXR6JOVKMBE4HY4FDXNVZGNCQG6T3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDMZTVQAZSMLPTDVDYLBHAAF7I5QXVYQ https://security.gentoo.org/glsa/202312-06 https://access.redhat.com/security/cve/CVE-2021-29464 https://bugzilla.redhat.com/show_bug&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •