Page 9 of 86 results (0.009 seconds)

CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 2

Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. Exiv2 0.26 tiene desbordamientos de enteros en LoaderTiff::getData() en preview.cpp, lo que conduce a una lectura fuera de límites en Exiv2::ValueType::setDataArea en value.hpp. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/366 https://github.com/TeamSeri0us/pocs/blob/master/exiv2/2-out-of-read-Poc https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html https://security.gentoo.org/glsa/201811-14 https://usn.ubuntu.com/3700-1 https://www.debian.org/security/2018/dsa-4238 https://access.redhat.com/security/cve/CVE-2018 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1

Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. Exiv2 0.26 tiene un desbordamiento de búfer basado en memoria dinámica (heap) en getData en preview.cpp. • https://github.com/Exiv2/exiv2/issues/283 https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html https://security.gentoo.org/glsa/201811-14 https://usn.ubuntu.com/3700-1 https://www.debian.org/security/2018/dsa-4238 • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. La función Exiv2::PngImage::printStructure en pngimage.cpp en Exiv2 0.26 permite que atacantes remotos provoquen una fuga de información mediante un archivo manipulado. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/307 https://security.gentoo.org/glsa/201811-14 https://access.redhat.com/security/cve/CVE-2018-11037 https://bugzilla.redhat.com/show_bug.cgi?id=1579544 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1

An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. Se ha descubierto un problema en Exiv2 0.26. La función Exiv2::Internal::PngChunk::parseTXTChunk tiene una sobrelectura de búfer basada en memoria dinámica (heap). • https://github.com/Exiv2/exiv2/issues/306 https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html https://security.gentoo.org/glsa/201811-14 https://usn.ubuntu.com/3700-1 https://www.debian.org/security/2018/dsa-4238 https://access.redhat.com/security/cve/CVE-2018-10999 https://bugzilla.redhat.com/show_bug.cgi?id=1579488 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 1

An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. Se ha descubierto un problema en Exiv2 0.26. readMetadata en jp2image.cpp permite que atacantes remotos provoquen una denegación de servicio (SIGABRT) desencadenando una llamada Safe::add incorrecta. • https://access.redhat.com/errata/RHSA-2019:2101 https://github.com/Exiv2/exiv2/issues/303 https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html https://security.gentoo.org/glsa/201811-14 https://usn.ubuntu.com/3700-1 https://www.debian.org/security/2018/dsa-4238 https://access.redhat.com/security/cve/CVE-2018-10998 https://bugzilla.redhat.com/show_bug.cgi?id=1579481 • CWE-400: Uncontrolled Resource Consumption •