Vulmon
exif vulnerabilities and exploits
4.3
CVSSv2
CVE-2014-9092
libjpeg-turbo prior to 1.3.1 allows remote malicious users to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
Libjpeg-turbo Libjpeg-turbo
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
5
CVSSv2
CVE-2019-10109
An Information Exposure issue (issue 1 of 2) exists in GitLab Community and Enterprise Edition prior to 11.7.8, 11.8.x prior to 11.8.4, and 11.9.x prior to 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the u...
Gitlab Gitlab
5
CVSSv2
CVE-2019-9639
An issue exists in the EXIF component in PHP prior to 7.1.27, 7.2.x prior to 7.2.16, and 7.3.x prior to 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
Php Php
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Opensuse Leap 15.0
Opensuse Leap 15.1
Opensuse Leap 42.3
Netapp Storage Automation Store -
Redhat Software Collections 1.0
7.5
CVSSv2
CVE-2005-1042
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP prior to 4.3.11 may allow remote malicious users to execute arbitrary code via an IFD tag that leads to a negative byte count.
Php Php 4.3.4
Php Php 4.3.5
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.3.1
Php Php 4.3.10
Php Php 4.3.8
Php Php 4.3.9
Php Php 4.3.0
Php Php 4.3.6
Php Php 4.3.7
7.5
CVSSv2
CVE-2020-0452
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interacti...
Google Android 8.0
Google Android 8.1
Google Android 9.0
Google Android 10.0
Google Android 11.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
6.4
CVSSv2
CVE-2019-11039
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
Php Php
Redhat Software Collections 1.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.4
CVSSv2
CVE-2006-2330
PHP-Fusion 6.00.306 and previous versions, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which...
Php Fusion Php Fusion 6.00.110
Php Fusion Php Fusion 6.00.204
Php Fusion Php Fusion 6.00.107
Php Fusion Php Fusion 6.00.109
Php Fusion Php Fusion 6.00.206
Php Fusion Php Fusion 6.00.3
Php Fusion Php Fusion 6.00.303
Php Fusion Php Fusion 6.00.105
Php Fusion Php Fusion 6.00.106
Php Fusion Php Fusion 6.00.304
Php Fusion Php Fusion 6.00.306
1 EDB exploit
7.5
CVSSv2
CVE-2009-3292
Unspecified vulnerability in PHP prior to 5.2.11, and 5.3.x prior to 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
Php Php 4.3.2
Php Php 4.3.11
Php Php 4.2.3
Php Php 5.0
Php Php 4.4.0
Php Php 4.4.1
Php Php 4.4.2
Php Php 5.0.0
Php Php 1.0
Php Php 2.0b10
Php Php 3.0.11
Php Php 3.0.10
Php Php 3.0.4
Php Php 3.0.3
Php Php 3.0.9
Php Php 4.0
Php Php 4.0.0
Php Php 4.0.4
Php Php 4.0.3
Php Php 4.0.7
Php Php 5.1.4
Php Php 5.1.5
7.5
CVSSv2
CVE-2019-19790
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote malicious user to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in ...
Telerik Radchart
Telerik Ui For Asp.net Ajax -
6.8
CVSSv2
CVE-2018-17088
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote malicious user to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF...
Jhead Project Jhead 3.00