Debian Exiv2 vulnerabilities

125 known vulnerabilities affecting debian/exiv2.

Total CVEs: 125
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 33, LOW 85

Vulnerabilities

Page 2 of 7
CVE-2021-37616 | MEDIUM | CVSS 5.5 | fixed in exiv2 0.27.5-1 (bookworm) | 2021
CVE-2021-37616 [MEDIUM] exiv2 - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to ca
debian
CVE-2021-32815 | MEDIUM | CVSS 5.5 | fixed in exiv2 0.27.5-1 (bookworm) | 2021
CVE-2021-32815 [MEDIUM] exiv2 - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a craf
debian
CVE-2021-29458 | MEDIUM | CVSS 5.5 | fixed in exiv2 0.27.5-1 (bookworm) | 2021
CVE-2021-29458 [MEDIUM] exiv2 - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial
debian
CVE-2021-37615 | MEDIUM | CVSS 4.7 | fixed in exiv2 0.27.5-1 (bookworm) | 2021
CVE-2021-37615 [MEDIUM] exiv2 - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to ca
debian
CVE-2021-29470 | MEDIUM | CVSS 4.7 | fixed in exiv2 0.27.5-1 (bookworm) | 2021
CVE-2021-29470 [MEDIUM] exiv2 - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial
debian
CVE-2021-34335 | MEDIUM | CVSS 4.7 | fixed in exiv2 0.27.5-1 (bookworm) | 2021
CVE-2021-34335 [MEDIUM] exiv2 - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the v
debian
CVE-2021-34334 | MEDIUM | CVSS 5.5 | fixed in exiv2 0.27.5-1 (bookworm) | 2021
CVE-2021-34334 [MEDIUM] exiv2 - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted ima
debian
CVE-2021-29473 | LOW | CVSS 2.5 | fixed in exiv2 0.27.5-1 (bookworm) | 2021
CVE-2021-29473 [LOW] exiv2 - Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is use
debian
CVE-2021-29623 | LOW | CVSS 3.6 | fixed in exiv2 0.27.5-1 (bookworm) | 2021
CVE-2021-29623 [LOW] exiv2 - Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The read of uninitialized memory is triggere
debian
CVE-2021-29464 | LOW | CVSS 3.3 | fixed in exiv2 0.27.5-1 (bookworm) | 2021
CVE-2021-29464 [LOW] exiv2 - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, i
debian
CVE-2021-29463 | LOW | CVSS 3.3 | fixed in exiv2 0.27.5-1 (bookworm) | 2021
CVE-2021-29463 [LOW] exiv2 - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of
debian
CVE-2020-18771 | HIGH | CVSS 8.1 | fixed in exiv2 0.27.2-6 (bookworm) | 2020
CVE-2020-18771 [HIGH] exiv2 - Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. Scope: local; bookworm: resolved (fixed in 0.27.2-6); bullseye: resolved (fixed in 0.27.2-6); forky: resolved (fixed in 0.27.2-6); sid: resolved (fixed in 0.27.2-6); trixie: resolved (fixed in 0.27.2-6)
debian
CVE-2020-18831 | HIGH | CVSS 7.8 | fixed in exiv2 0.27.2-6 (bookworm) | 2020
CVE-2020-18831 [HIGH] exiv2 - Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file. Scope: local; bookworm: resolved (fixed in 0.27.2-6); bullseye: resolved (fixed in 0.27.2-6); forky: resolved (fixed in 0.27.2-6); sid: resolved (fixed in 0.27.2-6); trixie: resol
debian
CVE-2020-19716 | MEDIUM | CVSS 6.5 | fixed in exiv2 0.27.2-6 (bookworm) | 2020
CVE-2020-19716 [MEDIUM] exiv2 - A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). Scope: local; bookworm: resolved (fixed in 0.27.2-6); bullseye: resolved (fixed in 0.27.2-6); forky: resolved (fixed in 0.27.2-6); sid: resolved (fixed in 0.27.2-6); trixie: resolved (fixed in 0.27.2-6)
debian
CVE-2020-18899 | MEDIUM | CVSS 6.5 | fixed in exiv2 0.27.2-6 (bookworm) | 2020
CVE-2020-18899 [MEDIUM] exiv2 - An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. Scope: local; bookworm: resolved (fixed in 0.27.2-6); bullseye: resolved (fixed in 0.27.2-6); forky: resolved (fixed in 0.27.2-6); sid: resolved (fixed in 0.27.2-6); trixie: resolved (fixed in 0.27.2-6
debian
CVE-2020-18773 | LOW | CVSS 6.5 | 2020
CVE-2020-18773 [MEDIUM] exiv2 - An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2020-18774 | LOW | CVSS 6.5 | 2020
CVE-2020-18774 [MEDIUM] exiv2 - A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2020-18898 | LOW | CVSS 6.5 | 2020
CVE-2020-18898 [MEDIUM] exiv2 - A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2019-17402 | MEDIUM | CVSS 6.5 | fixed in exiv2 0.27.3-1 (bookworm) | 2019
CVE-2019-17402 [MEDIUM] exiv2 - Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. Scope: local; bookworm: resolved (fixed in 0.27.3-1); bullseye: resolved (fixed in 0.27.3-1); forky: resolved (fi
debian
CVE-2019-14369 | MEDIUM | CVSS 6.5 | fixed in exiv2 0.27.2-6 (bookworm) | 2019
CVE-2019-14369 [MEDIUM] exiv2 - Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. Scope: local; bookworm: resolved (fixed in 0.27.2-6); bullseye: resolved (fixed in 0.27.2-6); forky: resolved (fixed in 0.27.2-6); sid: resolved (fixed in 0.27.2-6); trixie: resolved (fixed in 0.27.2-6)
debian