CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-19108 – exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp
https://notcve.org/view.php?id=CVE-2018-19108
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. En Exiv2 0.26, Exiv2::PsdImage::readMetadata en psdimage.cpp en el lector de imágenes PSD puede sufrir una denegación de servicio (bucle infinito) causada por un desbordamiento de enteros a través de un archivo de imagen PSD manipulado. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/426 https://github.com/Exiv2/exiv2/pull/518 https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://usn.ubuntu.com/4056-1 https://access.redhat.com/security/cve/CVE-2018-19108 https://bugzilla.redhat.com/show_bug.cgi?id=16491 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-19107 – exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp
https://notcve.org/view.php?id=CVE-2018-19107
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. En Exiv2 0.26, Exiv2::IptcParser::decode en iptc.cpp (llamado desde psdimage.cpp en el lector de imágenes PSD) puede sufrir una denegación de servicio (sobrelectura de búfer basada en memoria dinámica) causada por un desbordamiento de enteros a través de un archivo de imagen PSD manipulado. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/427 https://github.com/Exiv2/exiv2/pull/518 https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://usn.ubuntu.com/4056-1 https://access.redhat.com/security/cve/CVE-2018-19107 https://bugzilla.redhat.com/show_bug.cgi?id=1649094 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 2CVE-2018-17581 – exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service
https://notcve.org/view.php?id=CVE-2018-17581
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. CiffDirectory::readDirectory() en crwimage_int.cpp en Exiv2 0.26 tiene un consumo excesivo de pila debido a una función recursiva, lo que conduce a una denegación de servicio (DoS). • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/460 https://github.com/SegfaultMasters/covering360/blob/master/Exiv2 https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://usn.ubuntu.com/3852-1 https://access.redhat.com/security/cve/CVE-2018-17581 https://bugzilla.redhat.com/show_bug.cgi?id=1635045 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17282 – exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash
https://notcve.org/view.php?id=CVE-2018-17282
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference. Se ha descubierto un problema en Exiv2 v0.26. La función Exiv2::DataValue::copy en value.cpp tiene una desreferencia de puntero NULL. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/457 https://access.redhat.com/security/cve/CVE-2018-17282 https://bugzilla.redhat.com/show_bug.cgi?id=1632490 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17229 – exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp
https://notcve.org/view.php?id=CVE-2018-17229
Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. Exiv2::d2Data en types.cpp en Exiv2 v0.26 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) mediante un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://github.com/Exiv2/exiv2/issues/453 https://access.redhat.com/security/cve/CVE-2018-17229 https://bugzilla.redhat.com/show_bug.cgi?id=1632481 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •