Exiv2

Exiv2

121 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2018-9145

Exploit
  • EPSS 0.35%
  • Veröffentlicht 30.03.2018 08:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:04

In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable ...

6.5

CVE-2018-8976

Exploit
  • EPSS 0.3%
  • Veröffentlicht 25.03.2018 03:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:43

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.

6.5

CVE-2018-8977

Exploit
  • EPSS 0.37%
  • Veröffentlicht 25.03.2018 03:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:43

In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.

6.5

CVE-2017-17722

Exploit
  • EPSS 0.3%
  • Veröffentlicht 12.02.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:18:31

In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file.

8.1

CVE-2017-17723

Exploit
  • EPSS 0.37%
  • Veröffentlicht 12.02.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:18:31

In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file.

6.5

CVE-2017-17724

Exploit
  • EPSS 0.65%
  • Veröffentlicht 12.02.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:18:31

In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.

6.5

CVE-2017-17725

Exploit
  • EPSS 0.3%
  • Veröffentlicht 12.02.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:18:32

In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vu...

5.5

CVE-2018-5772

Exploit
  • EPSS 0.32%
  • Veröffentlicht 18.01.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:21

In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif fil...

5.5

CVE-2018-4868

Exploit
  • EPSS 0.38%
  • Veröffentlicht 03.01.2018 09:29:00
  • Zuletzt bearbeitet 21.11.2024 04:07:36

The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.

5.5

CVE-2017-18005

Exploit
  • EPSS 0.11%
  • Veröffentlicht 31.12.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.