CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26623 – Use After Free in Exiv2
https://notcve.org/view.php?id=CVE-2025-26623
18 Feb 2025 — Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. • https://github.com/Exiv2/exiv2/issues/3168 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39695 – Exiv2 has an out-of-bounds read in AsfVideo::streamProperties
https://notcve.org/view.php?id=CVE-2024-39695
08 Jul 2024 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3. • https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24826 – Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2
https://notcve.org/view.php?id=CVE-2024-24826
12 Feb 2024 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. • https://github.com/Exiv2/exiv2/pull/2337 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25112 – Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2
https://notcve.org/view.php?id=CVE-2024-25112
12 Feb 2024 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in v... • https://github.com/Exiv2/exiv2/pull/2337 • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44398 – Out-of-bounds write in exiv2
https://notcve.org/view.php?id=CVE-2023-44398
06 Nov 2023 — Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the v... • https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-18831
https://notcve.org/view.php?id=CVE-2020-18831
22 Aug 2023 — Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file. Vulnerabilidad de desbordamiento del búfer en la función tEXtToDataBuf en pngimage.cpp en Exiv2 0.27.1 que permite a atacantes remotos causar una denegación de servicio y otros impactos no especificados mediante el uso de un archivo manipulado. • https://github.com/Exiv2/exiv2/issues/828 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-18771 – Gentoo Linux Security Advisory 202312-06
https://notcve.org/view.php?id=CVE-2020-18771
23 Aug 2021 — Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. Exiv2 versión 0.27.99.0, presenta una lectura excesiva del búfer global en la función Exiv2::Internal::Nikon1MakerNote::print0x0088 en el archivo nikonmn_int.cpp que puede resultar en un filtrado de información. Multiple vulnerabilities have been discovered in Exiv2, the worst of which can lead to remote code execution. Versions greater than or equal to 0... • https://cwe.mitre.org/data/definitions/126.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18773 – Gentoo Linux Security Advisory 202312-06
https://notcve.org/view.php?id=CVE-2020-18773
23 Aug 2021 — An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. Un acceso no válido a la memoria en la función decode en el archivo iptc.cpp de Exiv2 versión 0.27.99.0, permite a atacantes causar una denegación de servicio (DOS) por medio de un archivo tif diseñado. Multiple vulnerabilities have been discovered in Exiv2, the worst of which can lead to remote code execution. Versions greater than or equal to 0.28.1 are... • https://github.com/Exiv2/exiv2/issues/760 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18774 – Gentoo Linux Security Advisory 202312-06
https://notcve.org/view.php?id=CVE-2020-18774
23 Aug 2021 — A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. Una excepción de punto flotante en la función printLong en el archivo tags_int.cpp de Exiv2 versión 0.27.99.0, permite a atacantes causar una denegación de servicio (DOS) por medio de un archivo tif diseñado. Multiple vulnerabilities have been discovered in Exiv2, the worst of which can lead to remote code execution. Versions greater than or equal t... • https://github.com/Exiv2/exiv2/issues/759 • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18898 – exiv2: stack exhaustion issue in the printIFDStructure function may lead to DoS
https://notcve.org/view.php?id=CVE-2020-18898
19 Aug 2021 — A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. Un problema de agotamiento de pila en la función printIFDStructure de Exiv2 versión 0.27, permite a atacantes remotos causar una denegación de servicio (DOS) por medio de un archivo diseñado. The exiv2 program is susceptible to a stack exhaustion issue via a crafted file. The cause of this vulnerability, is due to a flaw in the code which could allow remote ... • https://cwe.mitre.org/data/definitions/674.html • CWE-674: Uncontrolled Recursion CWE-787: Out-of-bounds Write •