19 matches found
DNG File Security Scanner for Detecting Malformed Metadata and Overflow Indicators
This Python script is a defensive security tool designed to analyze DNG (Digital Negative) image files and detect signs of structural corruption or potentially malicious metadata manipulation. It performs low-level parsing of TIFF/DNG structures by reading the file header and iterating through Imag...
EUVD-2025-200141
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-58477
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
PT-2025-48595
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CLSA-2025-1744116383 libtiff: Fix of 4 CVEs
CVE-2024-7006: check return value of TIFFCreateAnonField to avoid potential DoS via memory allocation failures - CVE-2023-6228: validate input image codec in tiffcp to prevent heap-based buffer overflow and potential application crash - CVE-2022-40090: improve IFD loop handling in...
SUSE CVE-2012-0248
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IFD...
The vulnerability of the exif_process_IFDTag function in the PHP programming language allows a perpetrator to gain unauthorized access to information or cause service failures.
The vulnerability of the exifprocessIFDTagName function in the PHP programming language is related to the execution of an operation that exceeds the permissible buffer data limits. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to information or cause servic...
exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack...
PYSEC-2017-136
A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service...
php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data...
The vulnerability of the PHP interpreter, which allows attackers to trigger a service failure or exert other effects.
The vulnerability of the exif_process_IFD_in_JPEG function in ext/exif/exif.c in the PHP interpreter improperly checks the size of the IFD file. Exploiting this vulnerability may allow a malicious actor to trigger a service failure (memory overflow) or potentially cause other effects through specially...
ImageMagick: invalid validation of images denial of service
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IFD...
ImageMagick: invalid validation of images denial of service
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IFD...
php: buffer over-read in Exif extension
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read...
php: buffer over-read in Exif extension
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read...
Buffer overflow
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read...
CVE-2011-0708
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read...
Debian DSA-1533-2 : exiftags - insufficient input sanitizing
Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images. The Common Vulnerabilities and Exposures project identified the following three problems: - CVE-2007-6354 Inadequate EXIF property...
GLSA-200504-15 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200504-15 (PHP: Multiple vulnerabilities). An integer overflow and an unbound recursion were discovered in the processing of Image File Directory tags in PHP's EXIF module (CAN-2005-1042, CAN-2005-1043). Furthermore, two infinite loops...