exiv2 vulnerabilities and exploits

4.3
CVSSv2
CVE-2017-17725

In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from...

Exiv2
4.3
CVSSv2
CVE-2017-1000127

Exiv2 0.26 contains a heap buffer overflow in the TIFF parser...

Exiv2
4.3
CVSSv2
CVE-2017-11339

There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack....

Exiv2
5.8
CVSSv2
CVE-2018-9305

In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case....

Exiv2
4.3
CVSSv2
CVE-2019-14369

Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file....

4.3
CVSSv2
CVE-2019-14370

In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service....

6.8
CVSSv2
CVE-2019-14368

Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp....

4.3
CVSSv2
CVE-2019-13504

There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2....

Exiv2
4.3
CVSSv2
CVE-2019-13114

http.c in Exiv2 through 0.27.1 allows a malicious HTTP server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character....

4.3
CVSSv2
CVE-2017-12957

There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service....

Exiv2