Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exiv2 exiv2 0.27 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-9144
An issue exists in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an malicious user to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Exiv2 Exiv2 0.27
8.8
CVSSv3
CVE-2019-9143
An issue exists in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an malicious user to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Exiv2 Exiv2 0.27
8.8
CVSSv3
CVE-2018-14046
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.
Exiv2 Exiv2 0.26
8.8
CVSSv3
CVE-2018-12264
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
Exiv2 Exiv2 0.26
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
8.8
CVSSv3
CVE-2018-12265
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
Exiv2 Exiv2 0.26
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
8.1
CVSSv3
CVE-2018-9305
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
Exiv2 Exiv2
6.5
CVSSv3
CVE-2020-18898
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote malicious users to cause a denial of service (DOS) via a crafted file.
Exiv2 Exiv2 0.27
6.5
CVSSv3
CVE-2020-18899
An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows malicious users to cause a denial of service (DOS) via a crafted input.
Exiv2 Exiv2 0.27
6.5
CVSSv3
CVE-2018-20096
There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
Exiv2 Exiv2 0.27
6.5
CVSSv3
CVE-2018-20097
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
Exiv2 Exiv2 0.27
Debian Debian Linux 8.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Dekstop 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »