Vulmon
exif vulnerabilities and exploits
5.8
CVSSv2
CVE-2019-11042
When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may...
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Apple Mac Os X
Opensuse Leap 15.0
Redhat Software Collections 1.0
Tenable Tenable.sc
9.3
CVSSv2
CVE-2009-2188
Buffer overflow in ImageIO in Apple Mac OS X 10.5 prior to 10.5.8, and Safari prior to 4.0.3, allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
Apple Mac Os X 10.5.2
Apple Mac Os X Server 10.5.3
Apple Mac Os X Server 10.5.4
Apple Mac Os X 10.5.6
Apple Mac Os X 10.5
Apple Mac Os X 10.5.5
Apple Mac Os X Server 10.5.2
Apple Mac Os X 10.5.7
Apple Mac Os X 10.5.0
Apple Mac Os X 10.5.1
Apple Mac Os X Server 10.5
Apple Mac Os X Server 10.5.0
Apple Mac Os X Server 10.5.1
Apple Mac Os X Server 10.5.7
Apple Mac Os X 10.5.3
Apple Mac Os X 10.5.4
Apple Mac Os X Server 10.5.5
Apple Mac Os X Server 10.5.6
9.3
CVSSv2
CVE-2017-2960
Adobe Acrobat Reader versions 15.020.20042 and previous versions, 15.006.30244 and previous versions, 11.0.18 and previous versions have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation cou...
Adobe Reader
Adobe Acrobat
Adobe Acrobat Reader Dc
Adobe Acrobat Dc
4.3
CVSSv2
CVE-2014-1980
Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo prior to 2.4.6 allows remote malicious users to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community plugin.
Piwigo Piwigo 2.4.2
Piwigo Piwigo 2.4.1
Piwigo Piwigo 2.4.0
Piwigo Piwigo 2.3.5
Piwigo Piwigo 2.3.4
Piwigo Piwigo 2.1.4
Piwigo Piwigo 2.1.3
Piwigo Piwigo 2.1.2
Piwigo Piwigo 2.1.1
Piwigo Piwigo
Piwigo Piwigo 2.4.3
Piwigo Piwigo 2.3.2
Piwigo Piwigo 2.3.0
Piwigo Piwigo 2.2.1
Piwigo Piwigo 2.1.6
Piwigo Piwigo 2.0.9
Piwigo Piwigo 2.0.7
Piwigo Piwigo 2.0.1
Piwigo Piwigo 2.2.5
Piwigo Piwigo 2.2.4
Piwigo Piwigo 2.2.3
Piwigo Piwigo 2.2.2
2.1
CVSSv2
CVE-2005-0406
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Image Processing Project Image Processing -
2.6
CVSSv2
CVE-2014-2333
Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin prior to 1.1.21 for WordPress allows remote malicious users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.
Marcel Brinkkemper Lazyest-gallery
Marcel Brinkkemper Lazyest-gallery 1.1.16
Marcel Brinkkemper Lazyest-gallery 1.1.15
Marcel Brinkkemper Lazyest-gallery 1.1.9.1
Marcel Brinkkemper Lazyest-gallery 1.1.9
Marcel Brinkkemper Lazyest-gallery 1.1.3.3
Marcel Brinkkemper Lazyest-gallery 1.1.3.2
Marcel Brinkkemper Lazyest-gallery 1.1.18
Marcel Brinkkemper Lazyest-gallery 1.1.17.4
Marcel Brinkkemper Lazyest-gallery 1.1.12
Marcel Brinkkemper Lazyest-gallery 1.1.11
Marcel Brinkkemper Lazyest-gallery 1.1.7.1
Marcel Brinkkemper Lazyest-gallery 1.1.7
Marcel Brinkkemper Lazyest-gallery 1.1.6
Marcel Brinkkemper Lazyest-gallery 1.1.2.1
Marcel Brinkkemper Lazyest-gallery 1.1.1.1
Marcel Brinkkemper Lazyest-gallery 1.1.19.1
Marcel Brinkkemper Lazyest-gallery 1.1.19
Marcel Brinkkemper Lazyest-gallery 1.1.14
Marcel Brinkkemper Lazyest-gallery 1.1.13
Marcel Brinkkemper Lazyest-gallery 1.1.8.1
Marcel Brinkkemper Lazyest-gallery 1.1.8
9.3
CVSSv2
CVE-2017-2964
Adobe Acrobat Reader versions 15.020.20042 and previous versions, 15.006.30244 and previous versions, 11.0.18 and previous versions have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploit...
Adobe Acrobat Dc
Adobe Acrobat Reader Dc
Adobe Reader
Adobe Acrobat
6.5
CVSSv2
CVE-2016-10751
osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload.
Osclass Osclass 3.6.1
10
CVSSv2
CVE-2007-6354
Unspecified vulnerability in exiftags prior to 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6355.
Aertherwide Exiftags
Aertherwide Exiftags 0.98
Aertherwide Exiftags 0.96
Aertherwide Exiftags 0.91
Aertherwide Exiftags 0.80
Aertherwide Exiftags 0.95
Aertherwide Exiftags 0.94
Aertherwide Exiftags 0.93
Aertherwide Exiftags 0.92
Aertherwide Exiftags 0.99
Aertherwide Exiftags 0.97
Aertherwide Exiftags 0.90
10
CVSSv2
CVE-2007-6355
Integer overflow in exiftags prior to 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6354.
Aertherwide Exiftags 0.95
Aertherwide Exiftags 0.97
Aertherwide Exiftags
Aertherwide Exiftags 0.99
Aertherwide Exiftags 0.90
Aertherwide Exiftags 0.80
Aertherwide Exiftags 0.92
Aertherwide Exiftags 0.91
Aertherwide Exiftags 0.94
Aertherwide Exiftags 0.93
Aertherwide Exiftags 0.96
Aertherwide Exiftags 0.98