Lucene search
K

337 matches found

CNNVD
CNNVD
added 2025/04/08 12:0 a.m.6 views

imagemeta 安全漏洞

imagemeta is a Go library by the individual developer Bjørn Erik Pedersen. It is used to read EXIF, IPTC and XMP image metadata from JPEG, TIFF, PNG and WebP files. A security vulnerability exists in versions prior to imagemeta v0.10.0 that stems from an unrestricted number and size of EXIF data...

6.9CVSS6.2AI score0.00161EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.6 views

PT-2025-15446 · Unknown · Bep/Imagemeta

Name of the Vulnerable Software and Affected Versions: bep/imagemeta versions prior to 0.10.0 Description: The issue concerns a Go library for reading image meta data from various file formats. The EXIF data format allows for defining large data structures in small payloads, which could be abused...

8.7CVSS7.3AI score0.02421EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2016-10158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The exifconvertanytoint function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial ...

7.5CVSS7.8AI score0.07763EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2015-0232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The exifprocessunicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrar...

6.8CVSS7.2AI score0.16212EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/01/29 12:0 a.m.5 views

PT-2025-4863 · Unknown · Exif Viewer Classic

Name of the Vulnerable Software and Affected Versions: EXIF Viewer Classic versions 2.3.2 through 2.4.0 Description: The issue is caused by improper handling of EXIF meta data, leading to a cross-site scripting vulnerability. When an image is rendered and crafted EXIF meta data is processed, an...

6.1CVSS6.7AI score0.00347EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/01/27 12:0 a.m.4 views

Exif Viewer 跨站脚本漏洞

Exif Viewer is an Exif viewer from Exif Viewer Inc. to quickly access the Exif data of any image/photo seen in Google Chrome. A cross-site scripting vulnerability exists in Exif Viewer versions 2.3.2 and 2.4.0, which stems from improper handling of EXIF metadata and could lead to the execution of...

6.1CVSS5.9AI score0.00347EPSS
Exploits0References4
OSV
OSV
added 2025/01/14 7:23 p.m.7 views

BIT-PHP-MIN-2020-7064 Use-of-uninitialized-value in exif

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

6.5CVSS6.8AI score0.04295EPSS
Exploits1References11
Akamai Blog
Akamai Blog
added 2024/10/24 1:0 p.m.2 views

Scrub EXIF Image Data in Your DevOps Pipeline

In this post, we’ll go over why you need to scrub EXIF image data and how to integrate this process into your DevOps pipeline...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/09/30 12:0 a.m.6 views

The vulnerability of the exif_data_save_data_entry() function in the exif-data.c component of the Libexif library for processing EXIF files allows a hacker to access confidential data.

The vulnerability of the exifdatasavedataentry function in the exif-data.c component of the Libexif library for EXIF-file parsing involves reading data beyond the buffer’s allowed limits. Exploiting this vulnerability could allow an attacker to access confidential data...

5CVSS6.8AI score0.00301EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2024/06/04 5:18 p.m.20 views

GHSA-277C-5VVJ-9PWX Flooding Server with Thumbnail files

Details 1. All Imagick supported Fileformats are served without filtering The Thumbnail endpoint does not check against any filters what file formats should be served. We can transcode the image in all formats imagemagick supports. With that we can create Files that are much larger in filesize th...

7.5CVSS7.5AI score0.00763EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.4 views

PT-2024-23696 · WordPress · Nextgen Gallery

Name of the Vulnerable Software and Affected Versions: NextGEN Gallery plugin for WordPress versions up to and including 3.59 Description: The issue allows unauthorized access to data due to a missing capability check on the get item function. This enables unauthenticated attackers to extract...

5.3CVSS9.5AI score0.38023EPSS
Exploits0References6
OSV
OSV
added 2024/03/20 6:15 a.m.1 views

DEBIAN-CVE-2024-28573

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service DoS via the jpegreadexifprofile function when reading images in JPEG format...

6.2CVSS5.2AI score0.00291EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.4 views

PT-2024-22480 · Freeimage +1 · Freeimage +1

Name of the Vulnerable Software and Affected Versions: FreeImage version 3.19.0 r1909 Description: A Null Pointer Dereference issue allows a local attacker to cause a denial of service DoS via the jpeg read exif profile raw function when reading images in JPEG format. Recommendations: For FreeIma...

5.5CVSS6.5AI score0.00286EPSS
Exploits1References12
OSV
OSV
added 2024/03/06 11:17 a.m.15 views

BIT-GITLAB-2021-39907

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage...

5.3CVSS5.2AI score0.01437EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/11/11 12:0 a.m.6 views

The vulnerability of the `add_exif_item_to_spec` function in the `src/libOpenImageIO/exif.cpp` component of the OpenImageIO image processing library allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the addexifitemtospec function in the src/libOpenImageIO/exif.cpp component of the OpenImageIO image processing library is related to the return of a stack variable address. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise...

10CVSS7.7AI score0.01581EPSS
Exploits1References8Affected Software4
CNNVD
CNNVD
added 2023/11/06 12:0 a.m.4 views

Exiv2 Buffer Error Vulnerability

Exiv2 is a set of C++ libraries and command line applications for managing image metadata from the individual developer Andreas Huggel. The product provides the ability to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. A buffer error vulnerability exists in...

8.8CVSS8.1AI score0.00965EPSS
Exploits0References5
Veracode
Veracode
added 2023/08/06 8:6 p.m.15 views

Denial Of Service (DoS)

gitlab is vulnerable to Denial Of Service DoS. The vulnerability exists when stripping EXIF data from specific images, leading to high CPU usage and an application crash...

5.3CVSS6.7AI score0.01437EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2023/05/18 6:36 a.m.23 views

Information Disclosure

github.com/answerdev/answer is vulnerable to Information Disclosure. The vulnerability exists due to improper validation in the filePath attribute in the uploadFile function of upload.go, which allows an attacker to access the uploaded image and extract the EXIF data...

6.5CVSS6.7AI score0.00597EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2023/05/17 7:12 a.m.21 views

Information Disclosure

github.com/answerdev/answer is vulnerable to Information Disclosure. The vulnerability exists because of uninitialized memory exposure in the upload.go file, which allows an attacker to access the uploaded image and extract the EXIF data...

6.5CVSS6.7AI score0.00586EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/04/14 2:15 p.m.16 views

CVE-2023-29850

SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...

7.5CVSS7.3AI score0.00747EPSS
Exploits1References1
Rows per page
Query Builder