CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29458 – Out-of-bounds read in Exiv2::Internal::CrwMap::encode
https://notcve.org/view.php?id=CVE-2021-29458
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. • https://github.com/Exiv2/exiv2/issues/1530 https://github.com/Exiv2/exiv2/pull/1536 https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5 https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN https://security.gentoo.org/glsa/202312-06 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3482 – exiv2: Heap-based buffer overflow in Jp2Image::readMetadata()
https://notcve.org/view.php?id=CVE-2021-3482
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. Se encontró un fallo en Exiv2 en versiones anteriores e incluyendo 0.27.4-RC1. Una comprobación inapropiada de la entrada de la propiedad rawData.size en la función Jp2Image::readMetadata() en el archivo jp2image.cpp puede conllevar a un desbordamiento del búfer en la región stack de la memoria por medio de una imagen JPG diseñada que contiene datos EXIF ??maliciosos A flaw was found in Exiv2. • https://bugzilla.redhat.com/show_bug.cgi?id=1946314 https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN https://www.debian.org/security/2021/dsa-4958 https://access.redhat.com/security/cve/CVE-2021-3482 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-20421 – exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS
https://notcve.org/view.php?id=CVE-2019-20421
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. En la función Jp2Image::readMetadata() en el archivo jp2image.cpp en Exiv2 versión 0.27.2, un archivo de entrada puede generar un bucle infinito y suspensión, con un alto consumo de CPU. Los atacantes remotos podrían aprovechar esta vulnerabilidad para causar una denegación de servicio por medio de un archivo diseñado. A denial of service vulnerability was found in exiv2 in the way JPEG 2000 (JP2) metadata was read when processing an image file. • https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8 https://github.com/Exiv2/exiv2/issues/1011 https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html https://usn.ubuntu.com/4270-1 https://www.debian.org/security/2021/dsa-4958 https://access.redhat.com/security/cve/CVE-2019-20421 https://bugzilla.redhat.com/show_bug.cgi?id=1800472 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-17402 – exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size check
https://notcve.org/view.php?id=CVE-2019-17402
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. Exiv2 versión 0.27.2, permite a atacantes activar un bloqueo en la función Exiv2::getULong en el archivo types.cpp cuando es llamada desde la función Exiv2::Internal::CiffDirectory::readDirectory en el archivo crwimage_int.cpp, porque no existe comprobación de la relación del tamaño total con el desplazamiento y el tamaño. An out of bounds read vulnerability was discovered in the way exiv2 parses Canon raw format (CRW) images. An application that uses exiv2 library to parse untrusted images may be vulnerable to this flaw, which could be used by an attacker to extract data from the application's memory or make it crash. The biggest threat with this vulnerability is availability of the system. • https://github.com/Exiv2/exiv2/issues/1019 https://lists.debian.org/debian-lts-announce/2019/12/msg00001.html https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://usn.ubuntu.com/4159-1 https://access.redhat.com/security/cve/CVE-2019-17402 https://bugzilla.redhat.com/show_bug.cgi?id=1773683 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14982
https://notcve.org/view.php?id=CVE-2019-14982
In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash. En Exiv2 anterior a la versió v0.27.2, hay una vulnerabilidad de desbordamiento de enteros en la función WebPImage :: getHeaderOffset en webpimage.cpp. Puede provocar una vulnerabilidad de desbordamiento del búfer y un bloqueo. • https://github.com/Exiv2/exiv2/compare/v0.27.2-RC2...v0.27.2 https://github.com/Exiv2/exiv2/issues/960 https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62 • CWE-190: Integer Overflow or Wraparound •