6 matches found

BDU FSTEC
added 2023/11/13 12:0 a.m., 2 views

The vulnerability of the BmffImage::brotliUncompress() function in the Exiv2 library and command-line utilities for managing image metadata allows a hacker to execute arbitrary code.

The vulnerability in the BmffImage::brotliUncompress function of the Exiv2 library and command-line utilities for managing image metadata involves an operation that goes beyond the bounds of a buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS: 10, AI score: 7.7, EPSS: 0.00973
Exploits: 0, References: 5, Affected Software: 1
Veracode
added 2023/11/08 5:38 a.m., 16 views

Out-of-bounds Write

libexiv2.so is vulnerable to Out-of-bounds Write. The vulnerability exists because of an integer overflow in the brotliUncompress function within bmffimage.cpp. This flaw enables an attacker to manipulate and potentially read, write, delete, or modify image metadata such as Exif, IPTC, XMP, and I...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00973
Exploits: 0, References: 3, Affected Software: 2
Prion
added 2023/11/06 6:15 p.m., 21 views

Design/Logic Flaw

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, BmffImage::brotliUncompress, is new in v0.28.0, so earlier versions of Exiv2 are not...

CVSS: 6.8, AI score: 7.2, EPSS: 0.00973
Exploits: 0, References: 3, Affected Software: 1
PyPA
added 2023/11/06 6:15 p.m., 4 views

PYSEC-2023-233

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, BmffImage::brotliUncompress, is new in v0.28.0, so earlier versions of Exiv2 are not...

CVSS: 8.8, AI score: 7, EPSS: 0.00973
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2023/11/06 6:15 p.m., 13 views

PYSEC-2023-233

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, BmffImage::brotliUncompress, is new in v0.28.0, so earlier versions of Exiv2 are not...

CVSS: 8.8, AI score: 8.6, EPSS: 0.00973
Exploits: 0, References: 2
Cvelist
added 2023/11/06 5:30 p.m., 13 views

CVE-2023-44398 Out-of-bounds write in exiv2

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, BmffImage::brotliUncompress, is new in v0.28.0, so earlier versions of Exiv2 are not...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00973
Exploits: 0, References: 3