CVE-2020-18831
https://notcve.org/view.php?id=CVE-2020-18831
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file. Vulnerabilidad de desbordamiento del búfer en la función tEXtToDataBuf en pngimage.cpp en Exiv2 0.27.1 que permite a atacantes remotos causar una denegación de servicio y otros impactos no especificados mediante el uso de un archivo manipulado. • https://github.com/Exiv2/exiv2/issues/828 https://www.exiv2.org/download.html • CWE-787: Out-of-bounds Write •
CVE-2021-34335 – Denial of service due to FPE in Exiv2::Internal::resolveLens0xffff
https://notcve.org/view.php?id=CVE-2021-34335
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). • https://github.com/Exiv2/exiv2/pull/1750 https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC https://security.gentoo.org/glsa/202312-06 • CWE-369: Divide By Zero •
CVE-2021-34334 – Denial of service due to integer overflow in loop counter
https://notcve.org/view.php?id=CVE-2021-34334
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5. Exiv2 es una utilidad de línea de comandos y una biblioteca C++ para leer, escribir, borrar y modificar los metadatos de los archivos de imagen. • https://github.com/Exiv2/exiv2/pull/1766 https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC https://security.gentoo.org/glsa/202312-06 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-37623 – Denial of service due to infinite loop in JpegBase::printStructure (#2)
https://notcve.org/view.php?id=CVE-2021-37623
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). • https://github.com/Exiv2/exiv2/pull/1790 https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC https://security.gentoo.org/glsa/202312-06 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-37615 – Null pointer dereference in Exiv2::Internal::resolveLens0x319
https://notcve.org/view.php?id=CVE-2021-37615
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). • https://github.com/Exiv2/exiv2/pull/1758 https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC https://security.gentoo.org/glsa/202312-06 • CWE-476: NULL Pointer Dereference •