OPENSUSE-SU-2026:20410-1 Security update for exiv2

This update for exiv2 fixes the following issues: Update to exiv2 0.28.8: - CVE-2024-24826: out-of-bounds read in QuickTimeVideo: NikonTagsDecoder bsc1219870. - CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo: multipleEntriesDecoder bsc1219871. - CVE-2024-39695:...

EUVD-2004-1282

Malware in sbrugna...

EUVD-2024-38191

Malicious code in bioql PyPI...

Exiv2 has an out-of-bounds read in AsfVideo::streamProperties

...

libexiv2 0.28.x < 0.28.3 (GHSA-38rv-8x93-pvrh)

The version of libexiv2 installed on the remote host is prior to 0.28.3. It is, therefore, affected by a vulnerability as referenced in the GHSA-38rv-8x93-pvrh advisory. - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An...

CVE-2024-39695

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds...

CVE-2024-39695 Exiv2 has an out-of-bounds read in AsfVideo::streamProperties

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds...

CVE-2024-39695

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds...

CVE-2024-39695 Exiv2 has an out-of-bounds read in AsfVideo::streamProperties

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds...

CVE-2024-39695

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds...

PT-2024-28633

Name of the Vulnerable Software and Affected Versions Exiv2 versions v0.28.0 through v0.28.2 Description An out-of-bounds read was found in the parser for the ASF video format, a new feature introduced in version v0.28.0. This issue is triggered when Exiv2 is used to read the metadata of a crafte...

PT-2024-40722 · Exiv2 · Exiv2

Name of the Vulnerable Software and Affected Versions: Exiv2 affected versions not specified Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the Exiv2::AsfVideo::GUIDTag::GUIDTag, Exiv2::AsfVideo::streamProperties, and...

exiv2 -- Out-of-bounds read in AsfVideo::streamProperties

Kevin Backhouse reports: An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0, so Exiv2 versions before v0.28 are not affected. The out-of-bounds read is triggered when Exiv2 is used to read the...

SUSE CVE-2004-1285

Buffer overflow in the getheader function in asfmmststreaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream...

CVE-2004-1285

Buffer overflow in the getheader function in asfmmststreaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream...

CVE-2004-1285

Buffer overflow in the getheader function in asfmmststreaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream...

CVE-2004-1285

CVE-2004-1285 affects MPlayer 1.0pre5; a buffer overflow in the get_header function in asf_mmst_streaming.c can allow remote attackers to execute arbitrary code via a crafted ASF video stream. Descriptions from NVD/SUSE confirm the vulnerability; exploitation status and specific patches are not d...

MS Windows Media Player ASF Marker Buffer Overflow

I dunno if I've sent this before. If you embed a marker long enough in an .ASF video file you can make WMP crash when a victim clicks the marker drop down list under the file during playback. Use ASFCHOP.EXE to embed the following script to any ASF file: ----8----cut-here-----8---- startmarkertab...