
CVSS: 6.5 • EPSS: 0% • CPEs: 10 • EXPL: 1

26 Nov 2018 — In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. The exiv2 packages provid... • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-125: Out-of-bounds Read

CVSS: 6.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

08 Nov 2018 — In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. ... • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-125: Out-of-bounds Read; CWE-190: Integer Overflow or Wraparound

CVSS: 6.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

08 Nov 2018 — In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. The exiv2 packages provide a command line utility which can display and manipu... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Nov 2018 — There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments. • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 6.5 • EPSS: 0% • CPEs: 11 • EXPL: 2

28 Sep 2018 — CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to denial of service. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments. Issues addressed include buffer overf... • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-400: Uncontrolled Resource Consumption

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Sep 2018 — An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-476: NULL Pointer Dereference

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Sep 2018 — Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments. Issues addressed incl... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Sep 2018 — Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments. Issues addressed in... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-125: Out-of-bounds Read; CWE-787: Out-of-bounds Write

CVSS: 6.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

02 Sep 2018 — Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. • https://github.com/Exiv2/exiv2/issues/400 • CWE-125: Out-of-bounds Read

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Jul 2018 — samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow. The exiv2 packages provide a command line utility which can display and manipu... • https://github.com/Exiv2/exiv2/issues/382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-121: Stack-based Buffer Overflow