Vulmon
exif vulnerabilities and exploits
NA
CVE-2009-1501
Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x prior to 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via EXIF tags in an image.
Exif Exif 5.x-1.1
Exif Exif 6.x-1.x
Exif Exif 5.x-1.0
Exif Exif 5.x-1.x
6.5
CVSSv3
CVE-2021-21235
kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version 0.5...
Kamadak-exif Project Kamadak-exif 0.5.2
NA
CVE-2014-100007
Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin prior to 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.
Hk Exif Tags Project Hk Exif Tags
NA
CVE-2012-2845
Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote malicious users to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file.
Curtis Galloway Exif 0.6.20
NA
CVE-2015-1362
Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote malicious users to execute arbitrary code via a long string in the maker element in an XML file.
Two Pilots Exif Pilot 4.7.2
1 EDB exploit
5.5
CVSSv3
CVE-2021-27815
NULL pointer dereference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and previous versions allows malicious users to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.
Libexif Project Exif
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
NA
CVE-2005-4676
Buffer overflow in Andreas Huggel Exiv2 prior to 0.9 does not null terminate strings before calling the sscanf function, which allows remote malicious users to cause a denial of service (application crash) via images with crafted IPTC metadata.
Andreas Huggel Exiv2 0.4
Andreas Huggel Exiv2 0.5
Andreas Huggel Exiv2 0.6.2
Andreas Huggel Exiv2 0.7
Andreas Huggel Exiv2 0.3
Andreas Huggel Exiv2 0.8
Andreas Huggel Exiv2 0.6
Andreas Huggel Exiv2 0.6.1
1 EDB exploit
6.1
CVSSv3
CVE-2019-11870
Serendipity prior to 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
S9y Serendipity
NA
CVE-2024-4453
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but att...
NA
CVE-2007-6353
Integer overflow in exif.cpp in exiv2 library allows context-dependent malicious users to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
Exiv2 Exiv2