135 matches found

CVE
added 2026/05/06 1:47 p.m. | 17 views

CVE-2025-31959

Affected product: HCL BigFix Service Management (SM). Vulnerability: The SM application fails to strip EXIF metadata from uploaded images. This metadata may include sensitive location information, leading to confidentiality/privacy risks if inadvertently shared. Impact (from sources): Privacy/...

CVSS 3.5 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/05/06 12:0 a.m. | 6 views

HCL BigFix Service Management Security Vulnerability

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. There is a security vulnerability in HCL BigFix Service Management. This vulnerability stems from the failure to remove EXIF metadata from uploaded images, which may lead t...

CVSS 3.5 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1
GithubExploit
added 2026/04/25 3:49 a.m. | 91 views

Kai-Tools

Kai Tools 🚀 Kai Tools is a security and intelligence suite...

AI score 5.6
Exploits: 0
Positive Technologies
added 2026/03/26 12:0 a.m. | 1 view

PT-2026-28384

Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions prior to 2.6.0. Description: The application is designed for managing recipes, planning meals, and creating shopping lists. Prior to version 2.6.0, the image processing pipeline does not remove EXIF metadata, rescale...

CVSS 5.3 | AI score 5.9 | EPSS 0.00057
Exploits: 1 | References: 4
Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : gstreamer1-plugins-base-1.16.1-4.el8_10 (AXSA:2024-9007:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9007:03 advisory. gstreamer: EXIF Metadata Parsing Integer Overflow (CVE-2024-4453). Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVSS 7.8 | AI score 5.6 | EPSS 0.03337
Exploits: 0 | References: 2
RedHat Linux
added 2025/10/21 3:29 a.m. | 2 views

gstreamer: EXIF Metadata Parsing Integer Overflow

A flaw was found in the GStreamer library. This flaw allows a remote attacker to send specially crafted content to the victim, allowing for arbitrary code execution within the context of the affected installation's process. The vulnerability is caused by improper parsing of EXIF metadata and a la...

CVSS 7.8 | AI score 6.4 | EPSS 0.03337
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-12101

Malware in sbrugna...

CVSS 9.3 | AI score 8.6 | EPSS 0.03435
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-7361

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.00284
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2017-12105

Malware in sbrugna...

CVSS 9.3 | AI score 8.6 | EPSS 0.02251
Exploits: 0 | References: 5
Tenable Nessus
added 2025/10/07 12:0 a.m. | 1 view

Unity Linux 20.1070a Security Update: gstreamer1 (UTSA-2025-984705)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984705 advisory. GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte...

CVSS 7.8 | AI score 8.3 | EPSS 0.03337
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-44072

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.8 | EPSS 0.03337
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-45004

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00346
Exploits: 1 | References: 5
Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-41837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted...

CVSS 9.8 | AI score 7.3 | EPSS 0.00346
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/24 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2019-8942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such a...

CVSS 8.8 | AI score 8.3 | EPSS 0.9373
Exploits: 10 | References: 2
RedHat Linux
added 2025/05/13 8:31 a.m. | 3 views

gstreamer: EXIF Metadata Parsing Integer Overflow

A flaw was found in the GStreamer library. This flaw allows a remote attacker to send specially crafted content to the victim, allowing for arbitrary code execution within the context of the affected installation's process. The vulnerability is caused by improper parsing of EXIF metadata and a la...

CVSS 7.8 | AI score 6.4 | EPSS 0.03337
Exploits: 0 | References: 4
Tenable Nessus
added 2025/05/13 12:0 a.m. | 14 views

RHEL 9 : gstreamer1, gstreamer1-plugins-bad-free, gstreamer1-plugins-ugly-free, and gstreamer1-rtsp-server (RHSA-2025:7178)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7178 advisory. The gstreamer1 packages contain a streaming media framework, based on graphs of filters which operate on media data. Security Fixes:...

CVSS 8.8 | AI score 7.6 | EPSS 0.03631
Exploits: 0 | References: 8
AlmaLinux
added 2025/05/13 12:0 a.m. | 2 views

Moderate: gstreamer1, gstreamer1-plugins-bad-free, gstreamer1-plugins-ugly-free, and gstreamer1-rtsp-server security update

The gstreamer1 packages contain a streaming media framework, based on graphs of filters which operate on media data. Security Fixes: gstreamer: EXIF Metadata Parsing Integer Overflow (CVE-2024-4453); gstreamer: AV1 Video Parsing Stack-based Buffer Overflow (CVE-2024-0444). For more details about the...

CVSS 8.8 | AI score 6.9 | EPSS 0.03631
Exploits: 0 | References: 6
Hacker One
added 2025/05/06 4:16 a.m. | 12 views

Informatica: EXIF metadata not stripped from profile image

The EXIF metadata was not stripped from the profile images uploaded to the platform. This could have resulted in the disclosure of location or other personal information associated with the uploaded images...

AI score 6.7
Exploits: 0
Amazon
added 2025/02/04 12:0 a.m. | 15 views

Important: gstreamer1-plugins-base

Issue Overview: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

CVSS 9.8 | AI score 9.5 | EPSS 0.03337
Exploits: 0
Tenable Nessus
added 2025/02/04 12:0 a.m. | 7 views

Amazon Linux 2 : gstreamer1-plugins-base, --advisory ALAS2-2025-2747 (ALAS-2025-2747)

The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2747 advisory. GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has...

CVSS 9.8 | AI score 7.9 | EPSS 0.0014
Exploits: 0 | References: 8