Published: 29/05/2018 Updated: 24/08/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.

Vulnerable Product	Search on Vulmon	Subscribe to Product
exiv2 exiv2 0.26
debian debian linux 9.0
debian debian linux 8.0
canonical ubuntu linux 16.04
canonical ubuntu linux 17.10
canonical ubuntu linux 18.04
canonical ubuntu linux 14.04

Several security issues were fixed in Exiv2 ...

Debian Bug report logs - #901706 exiv2: CVE-2018-12265 Package: src:exiv2; Maintainer for src:exiv2 is Debian KDE Extras Team <pkg-kde-extras@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 17 Jun 2018 06:33:01 UTC Severity: important Tags: fixed-upstream, security, upstream ...

Debian Bug report logs - #901707 exiv2: CVE-2018-12264 Package: src:exiv2; Maintainer for src:exiv2 is Debian KDE Extras Team <pkg-kde-extras@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 17 Jun 2018 06:39:02 UTC Severity: important Tags: fixed-upstream, security, upstream ...

Several vulnerabilities have been discovered in Exiv2, a C++ library and a command line utility to manage image metadata which could result in denial of service or the execution of arbitrary code if a malformed file is parsed For the stable distribution (stretch), these problems have been fixed in version 025-31+deb9u1 We recommend that you upg ...

CWE-787 https://github.com/Exiv2/exiv2/issues/283 https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html https://www.debian.org/security/2018/dsa-4238 https://usn.ubuntu.com/3700-1/https://security.gentoo.org/glsa/201811-14 https://usn.ubuntu.com/3700-1/https://nvd.nist.gov

CVE-2018-11531

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect