337 matches found
imagemeta 安全漏洞
imagemeta is a Go library by the individual developer Bjørn Erik Pedersen. It is used to read EXIF, IPTC and XMP image metadata from JPEG, TIFF, PNG and WebP files. A security vulnerability exists in versions prior to imagemeta v0.10.0 that stems from an unrestricted number and size of EXIF data...
PT-2025-15446 · Unknown · Bep/Imagemeta
Name of the Vulnerable Software and Affected Versions: bep/imagemeta versions prior to 0.10.0 Description: The issue concerns a Go library for reading image meta data from various file formats. The EXIF data format allows for defining large data structures in small payloads, which could be abused...
Linux Distros Unpatched Vulnerability : CVE-2016-10158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The exifconvertanytoint function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial ...
Linux Distros Unpatched Vulnerability : CVE-2015-0232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The exifprocessunicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrar...
PT-2025-4863 · Unknown · Exif Viewer Classic
Name of the Vulnerable Software and Affected Versions: EXIF Viewer Classic versions 2.3.2 through 2.4.0 Description: The issue is caused by improper handling of EXIF meta data, leading to a cross-site scripting vulnerability. When an image is rendered and crafted EXIF meta data is processed, an...
Exif Viewer 跨站脚本漏洞
Exif Viewer is an Exif viewer from Exif Viewer Inc. to quickly access the Exif data of any image/photo seen in Google Chrome. A cross-site scripting vulnerability exists in Exif Viewer versions 2.3.2 and 2.4.0, which stems from improper handling of EXIF metadata and could lead to the execution of...
BIT-PHP-MIN-2020-7064 Use-of-uninitialized-value in exif
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...
Scrub EXIF Image Data in Your DevOps Pipeline
In this post, we’ll go over why you need to scrub EXIF image data and how to integrate this process into your DevOps pipeline...
The vulnerability of the exif_data_save_data_entry() function in the exif-data.c component of the Libexif library for processing EXIF files allows a hacker to access confidential data.
The vulnerability of the exifdatasavedataentry function in the exif-data.c component of the Libexif library for EXIF-file parsing involves reading data beyond the buffer’s allowed limits. Exploiting this vulnerability could allow an attacker to access confidential data...
GHSA-277C-5VVJ-9PWX Flooding Server with Thumbnail files
Details 1. All Imagick supported Fileformats are served without filtering The Thumbnail endpoint does not check against any filters what file formats should be served. We can transcode the image in all formats imagemagick supports. With that we can create Files that are much larger in filesize th...
PT-2024-23696 · WordPress · Nextgen Gallery
Name of the Vulnerable Software and Affected Versions: NextGEN Gallery plugin for WordPress versions up to and including 3.59 Description: The issue allows unauthorized access to data due to a missing capability check on the get item function. This enables unauthenticated attackers to extract...
DEBIAN-CVE-2024-28573
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service DoS via the jpegreadexifprofile function when reading images in JPEG format...
PT-2024-22480 · Freeimage +1 · Freeimage +1
Name of the Vulnerable Software and Affected Versions: FreeImage version 3.19.0 r1909 Description: A Null Pointer Dereference issue allows a local attacker to cause a denial of service DoS via the jpeg read exif profile raw function when reading images in JPEG format. Recommendations: For FreeIma...
BIT-GITLAB-2021-39907
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage...
The vulnerability of the `add_exif_item_to_spec` function in the `src/libOpenImageIO/exif.cpp` component of the OpenImageIO image processing library allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the addexifitemtospec function in the src/libOpenImageIO/exif.cpp component of the OpenImageIO image processing library is related to the return of a stack variable address. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise...
Exiv2 Buffer Error Vulnerability
Exiv2 is a set of C++ libraries and command line applications for managing image metadata from the individual developer Andreas Huggel. The product provides the ability to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. A buffer error vulnerability exists in...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. The vulnerability exists when stripping EXIF data from specific images, leading to high CPU usage and an application crash...
Information Disclosure
github.com/answerdev/answer is vulnerable to Information Disclosure. The vulnerability exists due to improper validation in the filePath attribute in the uploadFile function of upload.go, which allows an attacker to access the uploaded image and extract the EXIF data...
Information Disclosure
github.com/answerdev/answer is vulnerable to Information Disclosure. The vulnerability exists because of uninitialized memory exposure in the upload.go file, which allows an attacker to access the uploaded image and extract the EXIF data...
CVE-2023-29850
SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...