Debian Exiv2 vulnerabilities

125 known vulnerabilities affecting debian/exiv2.

Total CVEs: 125
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 33, LOW 85

Vulnerabilities

Page 5 of 7
CVE-2018-17230 | LOW | CVSS 6.5 | 2018
[MEDIUM] exiv2: Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2018-17581 | LOW | CVSS 6.5 | fixed in exiv2 0.27.2-6 (bookworm) | 2018
[MEDIUM] exiv2: CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
Scope: local; bookworm: resolved (fixed in 0.27.2-6); bullseye: resolved (fixed in 0.27.2-6); forky: resolved (fixed in 0.27.2-6); sid: resolved (fixed in 0.27.2-6); trixie: resolved (fixed in 0.27.2-6)
debian
CVE-2018-9144 | LOW | CVSS 8.1 | fixed in exiv2 0.27.2-6 (bookworm) | 2018
[HIGH] exiv2: In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure.
Scope: local; bookworm: resolved (fixed in 0.27.2-6); bullseye: resolved (fixed in 0.27.2-6); forky: resolved (fixed in 0.27.2-6); sid: resolved (fixed in 0.27.2-6); trixie: resolved (fixed in 0.27.2-6)
debian
CVE-2018-17282 | LOW | CVSS 6.5 | 2018
[MEDIUM] exiv2: An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2018-20096 | LOW | CVSS 6.5 | 2018
[MEDIUM] exiv2: There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2018-20097 | LOW | CVSS 6.5 | fixed in exiv2 0.27.2-6 (bookworm) | 2018
[MEDIUM] exiv2: There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
Scope: local; bookworm: resolved (fixed in 0.27.2-6); bullseye: resolved (fixed in 0.27.2-6); forky: resolved (fixed in 0.27.2-6); sid: resolved (fixed in 0.27.2-6); trixie: resolved (fixed in 0.27
debian
CVE-2018-19607 | LOW | CVSS 6.5 | 2018
[MEDIUM] exiv2: Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2018-18915 | LOW | CVSS 6.5 | 2018
[MEDIUM] exiv2: There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2017-17669 | MEDIUM | CVSS 5.5 | fixed in exiv2 0.27.2-6 (bookworm) | 2017
[MEDIUM] exiv2: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.
Scope: local; bookworm: resolved (fixed in 0.27.2-6); bullseye: resolved (fixed in 0.27.2-6); forky: resolved (fixed in 0.27.2-6); sid: resolved (fixed in 0.27.2-6); trixie: res
debian
CVE-2017-9239 | MEDIUM | CVSS 6.5 | fixed in exiv2 0.25-3.1 (bookworm) | 2017
[MEDIUM] exiv2: An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.
Scope: local; bookworm: resolved (fixed in
debian
CVE-2017-11339 | LOW | CVSS 6.5 | 2017
[MEDIUM] exiv2: There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2017-11337 | LOW | CVSS 6.5 | 2017
[MEDIUM] exiv2: There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2017-17722 | LOW | CVSS 6.5 | 2017
[MEDIUM] exiv2: In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2017-14864 | LOW | CVSS 5.5 | fixed in exiv2 0.27.2-6 (bookworm) | 2017
[MEDIUM] exiv2: An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Scope: local; bookworm: resolved (fixed in 0.27.2-6); bullseye: resolved (fixed in 0.27.2-6); forky: resolved (fixed in 0.27.2-6); sid: resolved (fixed in 0.27.2-6); trix
debian
CVE-2017-11591 | LOW | CVSS 7.5 | fixed in exiv2 0.27.2-6 (bookworm) | 2017
[HIGH] exiv2: There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
Scope: local; bookworm: resolved (fixed in 0.27.2-6); bullseye: resolved (fixed in 0.27.2-6); forky: resolved (fixed in 0.27.2-6); sid: resolved (fixed in 0.27.2-6); trixie: resolved (fixed in 0.27.2-6)
debian
CVE-2017-12956 | LOW | CVSS 6.5 | 2017
[MEDIUM] exiv2: There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2017-1000128 | LOW | CVSS 5.5 | 2017
[MEDIUM] exiv2: Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2017-17724 | LOW | CVSS 6.5 | 2017
[MEDIUM] exiv2: In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2017-14862 | LOW | CVSS 5.5 | fixed in exiv2 0.27.2-6 (bookworm) | 2017
[MEDIUM] exiv2: An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Scope: local; bookworm: resolved (fixed in 0.27.2-6); bullseye: resolved (fixed in 0.27.2-6); forky: resolved (fixed in 0.27.2-6); sid: resolved (fixed in 0.27.2-
debian
CVE-2017-12955 | LOW | CVSS 8.8 | 2017
[HIGH] exiv2: There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian