169 matches found

OSV
added 2022/12/22 10:15 p.m. | 32 views

CVE-2022-41649

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger...

9.1 CVSS | 9 AI score
Exploits 0 | References 4

OSV
added 2022/12/22 10:15 p.m. | 3 views

DEBIAN-CVE-2022-41649

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger...

9.1 CVSS | 8.1 AI score | 0.01458 EPSS
Exploits 1 | References 1

Prion
added 2022/12/22 10:15 p.m. | 25 views

Heap overflow

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger...

6.4 CVSS | 8.8 AI score | 0.01458 EPSS
Exploits 1 | References 4 | Affected Software 2

OSV
added 2022/12/22 10:15 p.m. | 6 views

UBUNTU-CVE-2022-41988

An information disclosure vulnerability exists in the OpenImageIO::decodeiptciim functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability...

7.5 CVSS | 6.8 AI score | 0.01169 EPSS
Exploits 1 | References 3

UbuntuCve
added 2022/12/22 10:15 p.m. | 33 views

CVE-2022-41649

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger...

9.1 CVSS | 7.1 AI score | 0.01458 EPSS
Exploits 1 | References 2

OSV
added 2022/12/22 10:15 p.m. | 1 view

UBUNTU-CVE-2022-41649

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger...

9.1 CVSS | 7.2 AI score | 0.01458 EPSS
Exploits 1 | References 3

CNNVD
added 2022/12/22 12:0 a.m. | 5 views

OpenImageIO Buffer Error Vulnerability

OpenImageIO is an image read/write library, along with a number of tools and applications. OpenImageIO suffers from an information disclosure vulnerability caused by an out-of-bounds read flaw in the OpenImageIO::decodeiptciim function. An attacker can exploit this vulnerability to obtain sensiti...

7.5 CVSS | 6 AI score | 0.01169 EPSS
Exploits 1 | References 8

Talos
added 2022/12/22 12:0 a.m. | 39 views

OpenImageIO TIFF file IPTC data information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1631 OpenImageIO TIFF file IPTC data information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-41649 SUMMARY A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A...

9.1 CVSS | 8.4 AI score | 0.01458 EPSS
Exploits 1

OSV
added 2022/05/10 6:31 a.m. | 20 views

RLSA-2022:1842 Moderate: exiv2 security, bug fix, and enhancement update

Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. The following packages have been upgraded to ...

6.5 CVSS | 6.7 AI score | 0.01432 EPSS
Exploits 1 | References 3

BDU FSTEC
added 2022/04/11 12:0 a.m. | 5 views

The vulnerability of the `Exiv2::IptcParser::decode` function in the `iptc.cpp` component of the Exiv2 metadata management library lies in the possibility of a buffer overflow. This allows an attacker to cause a service failure.

The vulnerability of the Exiv2::IptcParser::decode function in the iptc.cpp component of the Exiv2 metadata management library is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a...

7.1 CVSS | 6.9 AI score | 0.01332 EPSS
Exploits 1 | References 4 | Affected Software 2

OSV
added 2021/11/09 8:31 a.m. | 35 views

ALSA-2021:4173 Moderate: exiv2 security, bug fix, and enhancement update

Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. The following packages have been upgraded to ...

7.8 CVSS | 7.2 AI score | 0.02555 EPSS
Exploits 3 | References 12

OSV
added 2021/08/23 10:15 p.m. | 4 views

DEBIAN-CVE-2020-18773

An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file...

6.5 CVSS | 6.3 AI score | 0.01332 EPSS
Exploits 1 | References 1

CNNVD
added 2021/08/23 12:0 a.m. | 6 views

Exiv2 Buffer Error Vulnerability

Exiv2 is a cross-platform C library and command-line utility for managing image metadata. An invalid memory access vulnerability exists in the decode function in iptc.cpp in Exiv2 version 0.27.99.0. An attacker could exploit the vulnerability to cause a denial of service via a specially crafted t...

6.5 CVSS | 5.7 AI score | 0.01332 EPSS
Exploits 1 | References 1

Veracode
added 2021/08/18 5:55 p.m. | 4 views

Denial Of Service (DoS)

Exiv2 is vulnerable to denial of service. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if th...

5.5 CVSS | 6.4 AI score | 0.01051 EPSS
Exploits 0 | References 8 | Affected Software 2

RedhatCVE
added 2021/08/10 5:52 p.m. | 39 views

CVE-2021-37623

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacke...

5.5 CVSS | 3.9 AI score | 0.01051 EPSS
Exploits 0 | References 3

RedhatCVE
added 2021/08/10 5:52 p.m. | 37 views

CVE-2021-37622

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacke...

5.5 CVSS | 3.9 AI score | 0.01109 EPSS
Exploits 0 | References 3

NVD
added 2021/08/09 7:15 p.m. | 14 views

CVE-2021-37622

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacke...

5.5 CVSS | 0.01109 EPSS
Exploits 0 | References 6

Prion
added 2021/08/09 7:15 p.m. | 22 views

Code injection

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacke...

4.3 CVSS | 5.4 AI score | 0.01109 EPSS
Exploits 0 | References 6 | Affected Software 3

OSV
added 2021/08/09 7:15 p.m. | 0 views

UBUNTU-CVE-2021-37622

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacke...

5.5 CVSS | 6.6 AI score | 0.01109 EPSS
Exploits 0 | References 5

OSV
added 2021/08/09 6:15 p.m. | 2 views

DEBIAN-CVE-2021-37623

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacke...

5.5 CVSS | 6.2 AI score | 0.01051 EPSS
Exploits 0 | References 1