336 matches found
[SECURITY] Fedora 43 Update: exiv2-0.28.6-2.fc43
A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag print the Iptc metadata of Jpeg images print the Jpeg comment of Jpeg images set, add and delete Exif and Iptc metadata of...
[SECURITY] Fedora 41 Update: exiv2-0.28.6-2.fc41
A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag print the Iptc metadata of Jpeg images print the Jpeg comment of Jpeg images set, add and delete Exif and Iptc metadata of...
Linux Distros Unpatched Vulnerability : CVE-2021-39907
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU...
Linux Distros Unpatched Vulnerability : CVE-2020-0093
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure...
CVE-2023-29850
SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...
CVE-2021-39907
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage...
CVE-2019-15740
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads...
CVE-2019-14280
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public...
The vulnerability of the write_exif_data() function in the src/tiff.imageio/tiffoutput.cpp module of the OpenImageIO library allows a hacker to cause a service failure.
The vulnerability of the writeexifdata function in the src/tiff.imageio/tiffoutput.cpp module of the OpenImageIO library is related to the use of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2025-32024
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...
SUSE CVE-2025-32024
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing large EXIF data structures. An attacker can cause denial of service by sending malicious images. Remediation Upgrade github.com/bep/imagemeta to version 0.10.0 or...
GO-2025-3598 bep/imagemeta allows excessively large EXIF data structures in github.com/bep/imagemeta
bep/imagemeta allows excessively large EXIF data structures in github.com/bep/imagemeta...
GHSA-Q7RW-W4CQ-2J6W bep/imagemeta allows excessively large EXIF data structures
Impact The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. Patches v0.10.0 added LimitNumTags default 5000 and LimitTagSize defau...
bep/imagemeta allows excessively large EXIF data structures
Impact The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. Patches v0.10.0 added LimitNumTags default 5000 and LimitTagSize defau...
CVE-2025-32024
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...
CVE-2025-32024 bep/imagemeta allows excessively large EXIF data structures
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...
CVE-2025-32024 bep/imagemeta allows excessively large EXIF data structures
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...
CVE-2025-32024
CVE-2025-32024 affects the Go library bep/imagemeta used to read EXIF/IPTC/XMP metadata from JPEG, TIFF, PNG, and WebP files. The root cause is that EXIF data can define excessively large data structures, enabling a potential denial-of-service when untrusted images are processed prior to v0.10.0....
imagemeta 安全漏洞
imagemeta is a Go library by the individual developer Bjørn Erik Pedersen. It is used to read EXIF, IPTC and XMP image metadata from JPEG, TIFF, PNG and WebP files. A security vulnerability exists in versions prior to imagemeta v0.10.0 that stems from an unrestricted number and size of EXIF data...