47 matches found
CLSA-2026-1774266713 exiv2: Fix of 2 CVEs
CVE-2026-25884: fix out-of-bounds read in CRW image parser - CVE-2026-27596: fix integer underflow in preview component...
CLSA-2026-1774266009 exiv2: Fix of 2 CVEs
CVE-2026-25884: fix out-of-bounds read in CRW image parser - CVE-2026-27596: fix integer underflow in preview component...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the decode0x0805 function of the CRW image parser. An attacker can cause the application to read memory outside the bounds of an allocated buffer by providing a specially crafted CRW image file. Remediation A fix w...
AZL-78621 CVE-2026-25884 affecting package exiv2 0.28.0-1
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...
AZL-78524 CVE-2026-25884 affecting package exiv2 0.28.3-1
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...
CVE-2026-25884
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...
CVE-2026-25884 Exiv2: Out-of-bounds read in CrwMap::decode0x0805
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...
CVE-2026-25884 Exiv2: Out-of-bounds read in CrwMap::decode0x0805
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...
CVE-2026-25884 Exiv2: Out-of-bounds read in CrwMap::decode0x0805
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...
CVE-2026-25884
Exiv2 is a C++ library/CLI for image metadata. Prior to version 0.28.8, a set of out-of-bounds/read-related issues were reported: first, an out-of-bounds read in the CRW image parser (CVE-2026-25884); second, a related issue in the preview component (CVE-2026-27596); and a crash due to an uncaugh...
Exiv2 缓冲区错误漏洞
Exiv2 is a C++ library and command-line application developed by Andreas Huggel, designed for managing image metadata. This product provides functionality for reading and writing image metadata in various formats such as EXIF, IPTC, and XMP. Versions of Exiv2 prior to 0.28.8 contained a buffer...
EUVD-2019-4654
Malware in sbrugna...
EUVD-2019-4651
Malware in sbrugna...
SUSE CVE-2019-13110
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted CRW image file...
SUSE CVE-2019-13113
Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...
exiv2: invalid data location in CRW image file causing denial of service
Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...
Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2019-1830)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2019-0415 Updated exiv2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. CVE-2019-13108 An integer overflow in Exiv2...
Updated exiv2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. CVE-2019-13108 An integer overflow in Exiv2...
Denial Of Service (DoS)
libexiv2.so is vulnerable to denial of service DoS attacks. When an attacker sends a malicious CRW image,the function Exiv2::Internal::CiffDirectory::readDirectory in crwimageint.cpp fails to check the offset and size against the total size, causing a trigger for an application crash via...