CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-13114 – exiv2: null-pointer dereference in http.c causing denial of service
https://notcve.org/view.php?id=CVE-2019-13114
30 Jun 2019 — http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. En el archivo http.c en Exiv2 hasta la versión 0.27.1, permite a un servidor http malicioso causar una denegación de servicio (bloqueo debido a una desreferencia del puntero NULL) mediante el retorno de una respuesta creada que carece de un carácter espacio. It was discovered that Exiv2 incorrectly handled certain P... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9143 – exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service
https://notcve.org/view.php?id=CVE-2019-9143
25 Feb 2019 — An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se ha descubierto un problema en Exiv2 0.27. • http://www.securityfocus.com/bid/107161 • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 2CVE-2019-9144
https://notcve.org/view.php?id=CVE-2019-9144
25 Feb 2019 — An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se ha descubierto un problema en Exiv2 0.27. • http://www.securityfocus.com/bid/107161 • CWE-674: Uncontrolled Recursion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-20096 – exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-20096
12 Dec 2018 — There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. Existe una sobrelectura de búfer basada en memoria dinámica (heap) en la función Exiv2::tEXtToDataBuf de pngimage.cpp en la versión 0.27-RC3 de Exiv2. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. The exiv2 packages provide a command line utility which can display and manipulate... • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20098 – exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-20098
12 Dec 2018 — There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. Existe una sobrelectura de búfer basada en memoria dinámica (heap) en Exiv2::Jp2Image::encodeJp2Header de jp2image.cpp en Exiv2 0.27-RC3. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. The exiv2 packages provide a command line utility which can display and manipulate image metadat... • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20099 – exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-20099
12 Dec 2018 — There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. Hay un bucle infinito en Exiv2::Jp2Image::encodeJp2Header de jp2image.cpp en Exiv2 0.27-RC3. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 2CVE-2018-20097 – exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function
https://notcve.org/view.php?id=CVE-2018-20097
12 Dec 2018 — There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. Hay un SEGV en Exiv2::Internal::TiffParserWorker::findPrimaryGroups en tiffimage_int.cpp en Exiv2 0.27-RC3. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JP... • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19607 – exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp
https://notcve.org/view.php?id=CVE-2018-19607
27 Nov 2018 — Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Exiv2::isoSpeed en easyaccess.cpp en Exiv2 v0.27-RC2 permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y bloqueo de aplicación) mediante un archivo manipulado. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG co... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18915 – exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp
https://notcve.org/view.php?id=CVE-2018-18915
03 Nov 2018 — There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack. Hay un bucle infinito en la función Exiv2::Image::printIFDStructure de image.cpp en Exiv2 0.27-RC1. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 2CVE-2018-17581 – exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service
https://notcve.org/view.php?id=CVE-2018-17581
28 Sep 2018 — CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. CiffDirectory::readDirectory() en crwimage_int.cpp en Exiv2 0.26 tiene un consumo excesivo de pila debido a una función recursiva, lo que conduce a una denegación de servicio (DoS). The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. Issues addressed include buffer overf... • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-400: Uncontrolled Resource Consumption •