Astra Linux - уязвимость в libimage-exiftool-perl

A vulnerability was detected in ExifTool version 13.53. The issue affects the Processmrld function in the lib/Image/ExifTool/GM.pm file, specifically in the JPEG/QuickTime/MOV/MP4 component. Manipulating the -ee argument leads to code injection. Local attacks are required to exploit this...

CVE-2026-7580 Exiftool JPEG/QuickTime/MOV/MP4 GM.pm Process_mrld code injection

A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Processmrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argument -ee results in code injection. Attacking locally is a requirement. Upgrading to version 13.54 i...

OPENSUSE-SU-2026:20410-1 Security update for exiv2

This update for exiv2 fixes the following issues: Update to exiv2 0.28.8: - CVE-2024-24826: out-of-bounds read in QuickTimeVideo: NikonTagsDecoder bsc1219870. - CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo: multipleEntriesDecoder bsc1219871. - CVE-2024-39695:...

Linux Distros Unpatched Vulnerability : CVE-2022-3964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZ...

Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2

...

SUSE CVE-2024-24826

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0, so Exiv2 versions before v0.28 are no...

AZL-42500 CVE-2024-24826 affecting package exiv2 0.28.0-1

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0, so Exiv2 versions before v0.28 are no...

AZL-42558 CVE-2024-25112 affecting package exiv2 for versions less than 0.28.3-1

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

PYSEC-2024-107

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

PYSEC-2024-106

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0, so Exiv2 versions before v0.28 are no...

PT-2024-20592

Name of the Vulnerable Software and Affected Versions Exiv2 versions v0.28.0 through v0.28.1 Description Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in the QuickTimeVideo::NikonTagsDecod...

OESA-2022-2101 exiv2 security update

Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata.It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fixes: A vulnerability was found in Exiv2 an...

Denial Of Service (DoS)

libexiv2.so is vulnerable to denial of service.The vulnerability exists in QuickTimeVideo::multipleEntriesDecoder function of quicktimevideo.cpp due to an infinite loop in the Quicktime Video Handler which allows an attacker to crash the application via malicious input...

MGASA-2022-0420 Updated exiv2 packages fix security vulnerability

Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. CVE-2022-3756...

Updated exiv2 packages fix security vulnerability

Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. CVE-2022-3756...

CVE-2022-3953

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

OESA-2022-2063 exiv2 security update

Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fixes: A vulnerability was found in Exiv2. ...

ROS-20221009-01

A vulnerability in the Exiv2 image metadata management library and command-line utility is related to the QuickTimeVideo::userDataDecoder function of the quicktimevideo.cpp file of the QuickTime Video Handler component. Exploitation of the vulnerability could allow an attacker acting remotely to...

CVE-2022-3755

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2022-3757

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...