CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17230 – exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp
https://notcve.org/view.php?id=CVE-2018-17230
19 Sep 2018 — Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. Exiv2::ul2Data en types.cpp en Exiv2 v0.26 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) mediante un archivo de imagen manipulado. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. Issues addressed in... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-16336
https://notcve.org/view.php?id=CVE-2018-16336
02 Sep 2018 — Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. Exiv2::Internal::PngChunk::parseTXTChunk en Exiv2 v0.26 permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap) mediante un archivo de imagen manipulado. Esta vulnerabilidad es diferente de CVE-2018-10999. • https://github.com/Exiv2/exiv2/issues/400 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14338 – exiv2: buffer overflow in samples/geotag.cpp
https://notcve.org/view.php?id=CVE-2018-14338
17 Jul 2018 — samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow. samples/geotag.cpp en el código de ejemplo de Exiv2 0.26 utiliza erróneamente la función realpath en las plataformas POSIX (diferentes de la plataforma de Apple) donde no se emplea glibc. Esto podría conducir a un desbordamiento de búfer. The exiv2 packages provide a command line utility which can display and manipu... • https://github.com/Exiv2/exiv2/issues/382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14046 – exiv2: heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp
https://notcve.org/view.php?id=CVE-2018-14046
13 Jul 2018 — Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. Exiv2 0.26 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en WebPImage::decodeChunks en webpimage.cpp. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. Issues addressed include denial of service, heap overflow, and null pointer vulnerabilities. • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 2CVE-2018-12264 – exiv2: integer overflow in getData function in preview.cpp
https://notcve.org/view.php?id=CVE-2018-12264
13 Jun 2018 — Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. Exiv2 0.26 tiene desbordamientos de enteros en LoaderTiff::getData() en preview.cpp, lo que conduce a una lectura fuera de límites en Exiv2::ValueType::setDataArea en value.hpp. It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. It was discovered that Exiv2 incorrectly handled c... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 2CVE-2018-12265 – exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp
https://notcve.org/view.php?id=CVE-2018-12265
13 Jun 2018 — Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. Exiv2 0.26 tiene un desbordamiento de enteros en la clase LoaderExifJpeg en preview.cpp, lo que conduce a una lectura fuera de límites en Exiv2::MemIo::read en basicio.cpp. It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain PN... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1CVE-2018-11531 – Gentoo Linux Security Advisory 201811-14
https://notcve.org/view.php?id=CVE-2018-11531
29 May 2018 — Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. Exiv2 0.26 tiene un desbordamiento de búfer basado en memoria dinámica (heap) en getData en preview.cpp. It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain PNG files. • https://github.com/Exiv2/exiv2/issues/283 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11037 – exiv2: information leak via a crafted file
https://notcve.org/view.php?id=CVE-2018-11037
14 May 2018 — In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. La función Exiv2::PngImage::printStructure en pngimage.cpp en Exiv2 0.26 permite que atacantes remotos provoquen una fuga de información mediante un archivo manipulado. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. Issues addressed include buffer overflow, denial of servi... • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 1CVE-2018-10998 – exiv2: SIGABRT by triggering an incorrect Safe::add call
https://notcve.org/view.php?id=CVE-2018-10998
12 May 2018 — An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. Se ha descubierto un problema en Exiv2 0.26. readMetadata en jp2image.cpp permite que atacantes remotos provoquen una denegación de servicio (SIGABRT) desencadenando una llamada Safe::add incorrecta. It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. It was d... • https://access.redhat.com/errata/RHSA-2019:2101 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-10999 – exiv2: heap-based buffer over-read in parseTXTChunk function
https://notcve.org/view.php?id=CVE-2018-10999
12 May 2018 — An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. Se ha descubierto un problema en Exiv2 0.26. La función Exiv2::Internal::PngChunk::parseTXTChunk tiene una sobrelectura de búfer basada en memoria dinámica (heap). It was discovered that Exiv2 incorrectly handled certain files. • https://github.com/Exiv2/exiv2/issues/306 • CWE-125: Out-of-bounds Read •