CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-18831
https://notcve.org/view.php?id=CVE-2020-18831
22 Aug 2023 — Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file. Vulnerabilidad de desbordamiento del búfer en la función tEXtToDataBuf en pngimage.cpp en Exiv2 0.27.1 que permite a atacantes remotos causar una denegación de servicio y otros impactos no especificados mediante el uso de un archivo manipulado. • https://github.com/Exiv2/exiv2/issues/828 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18898 – exiv2: stack exhaustion issue in the printIFDStructure function may lead to DoS
https://notcve.org/view.php?id=CVE-2020-18898
19 Aug 2021 — A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. Un problema de agotamiento de pila en la función printIFDStructure de Exiv2 versión 0.27, permite a atacantes remotos causar una denegación de servicio (DOS) por medio de un archivo diseñado. The exiv2 program is susceptible to a stack exhaustion issue via a crafted file. The cause of this vulnerability, is due to a flaw in the code which could allow remote ... • https://cwe.mitre.org/data/definitions/674.html • CWE-674: Uncontrolled Recursion CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18899 – Gentoo Linux Security Advisory 202312-06
https://notcve.org/view.php?id=CVE-2020-18899
19 Aug 2021 — An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. Una asignación de memoria no controlada en la función DataBufdata(subBox.length-sizeof(box)) de Exiv2 versión 0.27, permite a atacantes causar una denegación de servicio (DOS) por medio de una entrada diseñada. Multiple vulnerabilities have been discovered in Exiv2, the worst of which can lead to remote code execution. Versions greater th... • https://cwe.mitre.org/data/definitions/789.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-34334 – Denial of service due to integer overflow in loop counter
https://notcve.org/view.php?id=CVE-2021-34334
09 Aug 2021 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5. Exiv2 es una utilidad de línea de comandos y una biblioteca C++ para leer, escribir, borrar y modi... • https://github.com/Exiv2/exiv2/pull/1766 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-34335 – Denial of service due to FPE in Exiv2::Internal::resolveLens0xffff
https://notcve.org/view.php?id=CVE-2021-34335
09 Aug 2021 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only t... • https://github.com/Exiv2/exiv2/pull/1750 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-32815 – Denial of service due to assertion failure in crwimage_int.cpp
https://notcve.org/view.php?id=CVE-2021-32815
09 Aug 2021 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading t... • https://github.com/Exiv2/exiv2/pull/1739 • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-37615 – Null pointer dereference in Exiv2::Internal::resolveLens0x319
https://notcve.org/view.php?id=CVE-2021-37615
09 Aug 2021 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when prin... • https://github.com/Exiv2/exiv2/pull/1758 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-37616 – Null pointer dereference in Exiv2::Internal::resolveLens0x8ff
https://notcve.org/view.php?id=CVE-2021-37616
09 Aug 2021 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when prin... • https://github.com/Exiv2/exiv2/pull/1758 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-37618 – Out-of-bounds read in Exiv2::Jp2Image::printStructure
https://notcve.org/view.php?id=CVE-2021-37618
09 Aug 2021 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the im... • https://github.com/Exiv2/exiv2/pull/1759 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-37619 – Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
https://notcve.org/view.php?id=CVE-2021-37619
09 Aug 2021 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when... • https://github.com/Exiv2/exiv2/pull/1752 • CWE-125: Out-of-bounds Read •