Debian Exiv2 vulnerabilities

125 known vulnerabilities affecting debian/exiv2.

Total CVEs: 125
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 33, LOW 85

Vulnerabilities

Page 7 of 7
CVE-2017-9953 | LOW | CVSS 7.5 | 2017
CVE-2017-9953 [HIGH]: exiv2 - There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2014-9449 | MEDIUM | CVSS 5.0 | fixed in exiv2 0.24-4.1 (bookworm) | 2014
CVE-2014-9449 [MEDIUM]: exiv2 - Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.
Scope: local. bookworm: resolved (fixed in 0.24-4.1); bullseye: resolved (fixed in 0.24-4.1); forky: resolved (fixed in 0.24-4.1); sid: resolved (fixed in 0.24-4.1); trixie: res
debian
CVE-2008-2696 | LOW | CVSS 4.3 | fixed in exiv2 0.17-1 (bookworm) | 2008
CVE-2008-2696 [MEDIUM]: exiv2 - Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function.
Scope: local. bookworm: resolved (fixed in 0.17-1); bullseye: resolved (fixed in 0.17-1); forky: resolved (fixed in
debian
CVE-2007-6353 | MEDIUM | CVSS 7.5 | fixed in exiv2 0.15-2 (bookworm) | 2007
CVE-2007-6353 [HIGH]: exiv2 - Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
Scope: local. bookworm: resolved (fixed in 0.15-2); bullseye: resolved (fixed in 0.15-2); forky: resolved (fixed in 0.15-2); sid: resolved (fixed in 0.15-2); trixie: resolved (fixed in 0.15-2)
debian
CVE-2005-4676 | MEDIUM | CVSS 5.0 | PoC | fixed in exiv2 0.9 (bookworm) | 2005
CVE-2005-4676 [MEDIUM]: exiv2 - Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.
Scope: local. bookworm: resolved (fixed in 0.9); bullseye: resolved (fixed in 0.9); forky: resolved (fixed in 0.9); sid: resolved (fixed
debian