Debian Exiv2 vulnerabilities

CVE-2018-16336 [MEDIUM] CVE-2018-16336: exiv2 - Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers ... Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. Scope: local bookworm: resolved (fixed in 0.27.2-6) bullseye: resolved (fixed in 0.27.2-6) forky: resolved (fixed in 0.27.2-6) sid: resolved (fixed in 0.27.

CVE-2018-19535 [MEDIUM] CVE-2018-19535: exiv2 - In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cp... In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. Scope: local bookworm: resolved (fixed in 0.27.2-6) bullseye: resolved (fixed in 0.27.2-6) forky: resolved (fixed in 0.27.2-6) sid: resolved (fixed in 0.27.2-6) trixie: resolv

CVE-2018-10999 [MEDIUM] CVE-2018-10999: exiv2 - An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTCh... An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. Scope: local bookworm: resolved (fixed in 0.25-4) bullseye: resolved (fixed in 0.25-4) forky: resolved (fixed in 0.25-4) sid: resolved (fixed in 0.25-4) trixie: resolved (fixed in 0.25-4)

CVE-2018-9305 [HIGH] CVE-2018-9305: exiv2 - In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could... In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-9304 [MEDIUM] CVE-2018-9304: exiv2 - In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp co... In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-14046 [HIGH] CVE-2018-14046: exiv2 - Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpi... Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-4868 [MEDIUM] CVE-2018-4868: exiv2 - The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows ... The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-10772 [MEDIUM] CVE-2018-10772: exiv2 - The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote a... The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-19107 [MEDIUM] CVE-2018-19107: exiv2 - In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp i... In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. Scope: local bookworm: resolved (fixed in 0.27.2-6) bullseye: resolved (fixed in 0.27.2-6) forky: resolved (fixed in 0.27.2-6) sid: resolv

CVE-2018-10780 [MEDIUM] CVE-2018-10780: exiv2 - Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-... Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-9303 [MEDIUM] CVE-2018-9303: exiv2 - In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cp... In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-17229 [MEDIUM] CVE-2018-17229: exiv2 - Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a den... Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-14338 [HIGH] CVE-2018-14338: exiv2 - samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath functi... samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-20098 [MEDIUM] CVE-2018-20098: exiv2 - There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp... There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-9145 [MEDIUM] CVE-2018-9145: exiv2 - In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists i... In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file. Scope: local bookworm: resolved bullseye: resolved f

CVE-2018-8976 [MEDIUM] CVE-2018-8976: exiv2 - In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service... In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. Scope: local bookworm: resolved (fixed in 0.27.2-6) bullseye: resolved (fixed in 0.27.2-6) forky: resolved (fixed in 0.27.2-6) sid: resolved (fixed in 0.27.2-6) trixie: resolved (fixed in 0.27.2-6)

CVE-2018-5772 [MEDIUM] CVE-2018-5772: exiv2 - In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in... In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-8977 [MEDIUM] CVE-2018-8977: exiv2 - In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp ... In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-11037 [MEDIUM] CVE-2018-11037: exiv2 - In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allo... In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. Scope: local bookworm: resolved (fixed in 0.27.2-6) bullseye: resolved (fixed in 0.27.2-6) forky: resolved (fixed in 0.27.2-6) sid: resolved (fixed in 0.27.2-6) trixie: resolved (fixed in 0.27.2-6)

CVE-2018-20099 [MEDIUM] CVE-2018-20099: exiv2 - There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in... There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved