CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-13114 – exiv2: null-pointer dereference in http.c causing denial of service
https://notcve.org/view.php?id=CVE-2019-13114
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. En el archivo http.c en Exiv2 hasta la versión 0.27.1, permite a un servidor http malicioso causar una denegación de servicio (bloqueo debido a una desreferencia del puntero NULL) mediante el retorno de una respuesta creada que carece de un carácter espacio. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://github.com/Exiv2/exiv2/issues/793 https://github.com/Exiv2/exiv2/pull/815 https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC https://support.f5.com/csp/article/K45429077?utm_source=f5support&%3Butm_medium=RSS https://usn.ubuntu.com/4056-1 https://access.redhat.com/securi • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9144
https://notcve.org/view.php?id=CVE-2019-9144
An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se ha descubierto un problema en Exiv2 0.27. • http://www.securityfocus.com/bid/107161 https://github.com/Exiv2/exiv2/issues/712 https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymous-namespacebigtiffimageprintifd-exiv2-0-27 • CWE-674: Uncontrolled Recursion •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9143 – exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service
https://notcve.org/view.php?id=CVE-2019-9143
An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se ha descubierto un problema en Exiv2 0.27. • http://www.securityfocus.com/bid/107161 https://github.com/Exiv2/exiv2/issues/711 https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27 https://access.redhat.com/security/cve/CVE-2019-9143 https://bugzilla.redhat.com/show_bug.cgi?id=1684381 • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20099 – exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-20099
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. Hay un bucle infinito en Exiv2::Jp2Image::encodeJp2Header de jp2image.cpp en Exiv2 0.27-RC3. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/590 https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA https://access.redhat.com/security/cve/CVE-2018-20099 https://bugzilla.redhat.com/show_bug.cgi?id=1660426 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20098 – exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-20098
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. Existe una sobrelectura de búfer basada en memoria dinámica (heap) en Exiv2::Jp2Image::encodeJp2Header de jp2image.cpp en Exiv2 0.27-RC3. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/590 https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA https://access.redhat.com/security/cve/CVE-2018-20098 https://bugzilla.redhat.com/show_bug.cgi?id=1660425 • CWE-125: Out-of-bounds Read •