Lucene search
K

336 matches found

Fedora
Fedora
added 2025/09/16 12:20 a.m.5 views

[SECURITY] Fedora 43 Update: exiv2-0.28.6-2.fc43

A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag print the Iptc metadata of Jpeg images print the Jpeg comment of Jpeg images set, add and delete Exif and Iptc metadata of...

5.5CVSS7.1AI score0.00226EPSS
Exploits1
Fedora
Fedora
added 2025/09/04 1:28 a.m.8 views

[SECURITY] Fedora 41 Update: exiv2-0.28.6-2.fc41

A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag print the Iptc metadata of Jpeg images print the Jpeg comment of Jpeg images set, add and delete Exif and Iptc metadata of...

5.5CVSS7.1AI score0.00226EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-39907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU...

5.3CVSS5.6AI score0.01437EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-0093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure...

5CVSS6.9AI score0.00301EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:38 a.m.7 views

CVE-2023-29850

SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...

7.5CVSS6.5AI score0.00747EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:14 p.m.5 views

CVE-2021-39907

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage...

5.3CVSS6AI score0.01437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 a.m.6 views

CVE-2019-15740

An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads...

5.3CVSS6.5AI score0.01608EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:7 a.m.8 views

CVE-2019-14280

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public...

5.3CVSS6.8AI score0.07968EPSS
Exploits4References1
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.17 views

The vulnerability of the write_exif_data() function in the src/tiff.imageio/tiffoutput.cpp module of the OpenImageIO library allows a hacker to cause a service failure.

The vulnerability of the writeexifdata function in the src/tiff.imageio/tiffoutput.cpp module of the OpenImageIO library is related to the use of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.5CVSS5.5AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/10 4:45 p.m.16 views

CVE-2025-32024

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...

6.9CVSS6.7AI score0.00161EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/04/10 2:8 a.m.6 views

SUSE CVE-2025-32024

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...

6.9CVSS6.9AI score0.00161EPSS
Exploits0References3
Snyk
Snyk
added 2025/04/09 5:5 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing large EXIF data structures. An attacker can cause denial of service by sending malicious images. Remediation Upgrade github.com/bep/imagemeta to version 0.10.0 or...

8.7CVSS6.9AI score0.00161EPSS
Exploits0References3
OSV
OSV
added 2025/04/09 5:5 p.m.12 views

GO-2025-3598 bep/imagemeta allows excessively large EXIF data structures in github.com/bep/imagemeta

bep/imagemeta allows excessively large EXIF data structures in github.com/bep/imagemeta...

6.9CVSS7.1AI score0.00161EPSS
Exploits0References3
OSV
OSV
added 2025/04/09 12:57 p.m.8 views

GHSA-Q7RW-W4CQ-2J6W bep/imagemeta allows excessively large EXIF data structures

Impact The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. Patches v0.10.0 added LimitNumTags default 5000 and LimitTagSize defau...

6.9CVSS6.3AI score0.00161EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/04/09 12:57 p.m.14 views

bep/imagemeta allows excessively large EXIF data structures

Impact The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. Patches v0.10.0 added LimitNumTags default 5000 and LimitTagSize defau...

6.9CVSS6.8AI score0.00161EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2025/04/08 3:10 p.m.5 views

CVE-2025-32024

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...

6.9CVSS5.2AI score0.00161EPSS
Exploits0
Cvelist
Cvelist
added 2025/04/08 3:10 p.m.20 views

CVE-2025-32024 bep/imagemeta allows excessively large EXIF data structures

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...

6.9CVSS0.00161EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/08 3:10 p.m.5 views

CVE-2025-32024 bep/imagemeta allows excessively large EXIF data structures

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...

6.9CVSS7AI score0.00161EPSS
Exploits0References2
CVE
CVE
added 2025/04/08 3:10 p.m.209 views

CVE-2025-32024

CVE-2025-32024 affects the Go library bep/imagemeta used to read EXIF/IPTC/XMP metadata from JPEG, TIFF, PNG, and WebP files. The root cause is that EXIF data can define excessively large data structures, enabling a potential denial-of-service when untrusted images are processed prior to v0.10.0....

6.9CVSS7AI score0.00161EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.6 views

imagemeta 安全漏洞

imagemeta is a Go library by the individual developer Bjørn Erik Pedersen. It is used to read EXIF, IPTC and XMP image metadata from JPEG, TIFF, PNG and WebP files. A security vulnerability exists in versions prior to imagemeta v0.10.0 that stems from an unrestricted number and size of EXIF data...

6.9CVSS6.2AI score0.00161EPSS
Exploits0References4
Rows per page
Query Builder