exif vulnerabilities and exploits
5
CVSSv2
CVE-2019-14280
In some circumstances, Craft 2 prior to 2.7.10 and 3 prior to 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
Craftcms Craft Cms
1 EDB exploit
5
CVSSv2
CVE-2006-6297
Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote malicious users to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which res...
Kde Kdegraphics 3.2
Kde Kdegraphics 3.4.3
4.3
CVSSv2
CVE-2012-0260
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick prior to 6.7.6-3 allows remote malicious users to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
Imagemagick Imagemagick
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.10
Debian Debian Linux 6.0
Redhat Storage 2.0
Redhat Enterprise Linux Aus 6.2
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Eus 6.2
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server Eus 6.2
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Workstation 6.0
Opensuse Opensuse 11.4
Opensuse Opensuse 12.1
4.3
CVSSv2
CVE-2009-2687
The exif_read_data function in the Exif module in PHP prior to 5.2.10 allows remote malicious users to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
Php Php
Debian Debian Linux 5.0
Debian Debian Linux 4.0
Debian Debian Linux 6.0
10
CVSSv2
CVE-2004-0981
Buffer overflow in the EXIF parsing routine in ImageMagick prior to 6.1.0 allows remote malicious users to execute arbitrary code via a certain image file.
Imagemagick Imagemagick 5.4.8
Imagemagick Imagemagick 5.4.8.2.1.1.0
Imagemagick Imagemagick 6.0.4
Imagemagick Imagemagick 6.0.5
Imagemagick Imagemagick 5.3.3
Imagemagick Imagemagick 5.4.3
Imagemagick Imagemagick 5.5.7
Imagemagick Imagemagick 6.0
Imagemagick Imagemagick 5.5.3.2.1.2.0
Imagemagick Imagemagick 5.5.6.0 2003-04-09
Imagemagick Imagemagick 6.0.6
Imagemagick Imagemagick 6.0.7
Imagemagick Imagemagick 6.0.8
Imagemagick Imagemagick 5.4.4.5
Imagemagick Imagemagick 5.4.7
Imagemagick Imagemagick 6.0.1
Imagemagick Imagemagick 6.0.3
Debian Debian Linux 3.0
Gentoo Linux
Suse Suse Linux 8.0
Suse Suse Linux 9.0
Suse Suse Linux 8.1
NA
CVE-2023-0645
An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca...
Libjxl Project Libjxl
4.3
CVSSv2
CVE-2005-2734
Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
Gallery Project Gallery 1.4
Gallery Project Gallery 1.4.1
Gallery Project Gallery 1.4.4 Pl5
Gallery Project Gallery 1.4 Pl1
Gallery Project Gallery 1.4.2
Gallery Project Gallery 1.4.3 Pl1
Gallery Project Gallery 1.4 Pl2
Gallery Project Gallery 1.5
Gallery Project Gallery 1.4.3 Pl2
Gallery Project Gallery 1.4.4 Pl2
Gallery Project Gallery 1.5.1
Gallery Project Gallery 1.5.1 Rc2
Gallery Project Gallery 1.4.4 Pl3
Gallery Project Gallery 1.4.4 Pl4
6.4
CVSSv2
CVE-2011-4566
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote malicious users to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF head...
Php Php 5.4.0
Php Php
Debian Debian Linux 5.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
NA
CVE-2024-3097
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated malicious users to ...
Imagely Nextgen Gallery
4.3
CVSSv2
CVE-2014-9092
libjpeg-turbo prior to 1.3.1 allows remote malicious users to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
Libjpeg-turbo Libjpeg-turbo
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10