CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-19107 – exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp
https://notcve.org/view.php?id=CVE-2018-19107
08 Nov 2018 — In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. En Exiv2 0.26, Exiv2::IptcParser::decode en iptc.cpp (llamado desde psdimage.cpp en el lector de imágenes PSD) puede sufrir una denegación de servicio (sobrelectura de búfer basada en memoria dinámica) causada por un desbordamiento de enteros a través de un archivo de imagen PSD ma... • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-19108 – exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp
https://notcve.org/view.php?id=CVE-2018-19108
08 Nov 2018 — In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. En Exiv2 0.26, Exiv2::PsdImage::readMetadata en psdimage.cpp en el lector de imágenes PSD puede sufrir una denegación de servicio (bucle infinito) causada por un desbordamiento de enteros a través de un archivo de imagen PSD manipulado. The exiv2 packages provide a command line utility which can display and manipu... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 2CVE-2018-17581 – exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service
https://notcve.org/view.php?id=CVE-2018-17581
28 Sep 2018 — CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. CiffDirectory::readDirectory() en crwimage_int.cpp en Exiv2 0.26 tiene un consumo excesivo de pila debido a una función recursiva, lo que conduce a una denegación de servicio (DoS). The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. Issues addressed include buffer overf... • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17282 – exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash
https://notcve.org/view.php?id=CVE-2018-17282
20 Sep 2018 — An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference. Se ha descubierto un problema en Exiv2 v0.26. La función Exiv2::DataValue::copy en value.cpp tiene una desreferencia de puntero NULL. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17229 – exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp
https://notcve.org/view.php?id=CVE-2018-17229
19 Sep 2018 — Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. Exiv2::d2Data en types.cpp en Exiv2 v0.26 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) mediante un archivo de imagen manipulado. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. Issues addressed incl... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17230 – exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp
https://notcve.org/view.php?id=CVE-2018-17230
19 Sep 2018 — Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. Exiv2::ul2Data en types.cpp en Exiv2 v0.26 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) mediante un archivo de imagen manipulado. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. Issues addressed in... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-16336
https://notcve.org/view.php?id=CVE-2018-16336
02 Sep 2018 — Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. Exiv2::Internal::PngChunk::parseTXTChunk en Exiv2 v0.26 permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap) mediante un archivo de imagen manipulado. Esta vulnerabilidad es diferente de CVE-2018-10999. • https://github.com/Exiv2/exiv2/issues/400 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14338 – exiv2: buffer overflow in samples/geotag.cpp
https://notcve.org/view.php?id=CVE-2018-14338
17 Jul 2018 — samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow. samples/geotag.cpp en el código de ejemplo de Exiv2 0.26 utiliza erróneamente la función realpath en las plataformas POSIX (diferentes de la plataforma de Apple) donde no se emplea glibc. Esto podría conducir a un desbordamiento de búfer. The exiv2 packages provide a command line utility which can display and manipu... • https://github.com/Exiv2/exiv2/issues/382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14046 – exiv2: heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp
https://notcve.org/view.php?id=CVE-2018-14046
13 Jul 2018 — Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. Exiv2 0.26 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en WebPImage::decodeChunks en webpimage.cpp. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. Issues addressed include denial of service, heap overflow, and null pointer vulnerabilities. • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 2CVE-2018-12264 – exiv2: integer overflow in getData function in preview.cpp
https://notcve.org/view.php?id=CVE-2018-12264
13 Jun 2018 — Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. Exiv2 0.26 tiene desbordamientos de enteros en LoaderTiff::getData() en preview.cpp, lo que conduce a una lectura fuera de límites en Exiv2::ValueType::setDataArea en value.hpp. It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. It was discovered that Exiv2 incorrectly handled c... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •