47 matches found

OSV
added 2026/03/23 11:51 a.m., 7 views

CLSA-2026-1774266713 exiv2: Fix of 2 CVEs

CVE-2026-25884: fix out-of-bounds read in CRW image parser - CVE-2026-27596: fix integer underflow in preview component...

CVSS 8.1, AI score 5.8, EPSS 0.00367
Exploits: 1, References: 1
OSV
added 2026/03/23 11:40 a.m., 6 views

CLSA-2026-1774266009 exiv2: Fix of 2 CVEs

CVE-2026-25884: fix out-of-bounds read in CRW image parser - CVE-2026-27596: fix integer underflow in preview component...

CVSS 8.1, AI score 5.8, EPSS 0.00367
Exploits: 1, References: 1
Snyk
added 2026/03/03 12:26 a.m., 2 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the decode0x0805 function of the CRW image parser. An attacker can cause the application to read memory outside the bounds of an allocated buffer by providing a specially crafted CRW image file. Remediation: A fix w...

CVSS 8.1, AI score 6, EPSS 0.00307
Exploits: 1, References: 2
OSV
added 2026/03/02 8:16 p.m., 7 views

AZL-78621 CVE-2026-25884 affecting package exiv2 0.28.0-1

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...

CVSS 8.1, AI score 6.5, EPSS 0.00307
Exploits: 1, References: 1
OSV
added 2026/03/02 8:16 p.m., 6 views

AZL-78524 CVE-2026-25884 affecting package exiv2 0.28.3-1

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...

CVSS 8.1, AI score 5.7, EPSS 0.00307
Exploits: 1, References: 1
NVD
added 2026/03/02 8:16 p.m., 6 views

CVE-2026-25884

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...

CVSS 8.1, EPSS 0.00307
Exploits: 1, References: 3
OSV
added 2026/03/02 7:41 p.m., 5 views

CVE-2026-25884 Exiv2: Out-of-bounds read in CrwMap::decode0x0805

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...

CVSS 6.9, AI score 5.8, EPSS 0.00307
Exploits: 1, References: 5
Vulnrichment
added 2026/03/02 7:41 p.m., 3 views

CVE-2026-25884 Exiv2: Out-of-bounds read in CrwMap::decode0x0805

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...

CVSS 6.9, AI score 5.8, EPSS 0.00307
Exploits: 1, References: 3
Cvelist
added 2026/03/02 7:41 p.m., 34 views

CVE-2026-25884 Exiv2: Out-of-bounds read in CrwMap::decode0x0805

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...

CVSS 6.9, EPSS 0.00307
Exploits: 1, References: 3
CVE
added 2026/03/02 7:41 p.m., 27 views

CVE-2026-25884

Exiv2 is a C++ library/CLI for image metadata. Prior to version 0.28.8, a set of out-of-bounds/read-related issues were reported: first, an out-of-bounds read in the CRW image parser (CVE-2026-25884); second, a related issue in the preview component (CVE-2026-27596); and a crash due to an uncaugh...

CVSS 8.1, AI score 5.8, EPSS 0.00307
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2026/03/02 12:0 a.m., 6 views

Exiv2 Buffer Error Vulnerability

Exiv2 is a C++ library and command-line application developed by Andreas Huggel, designed for managing image metadata. This product provides functionality for reading and writing image metadata in various formats such as EXIF, IPTC, and XMP. Versions of Exiv2 prior to 0.28.8 contained a buffer...

CVSS 8.1, AI score 6.8, EPSS 0.00307
Exploits: 1, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-4654

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.02127
Exploits: 1, References: 10
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-4651

Malware in sbrugna...

CVSS 6.5, AI score 7, EPSS 0.01925
Exploits: 1, References: 9
SUSE CVE
added 2023/02/15 4:11 a.m., 5 views

SUSE CVE-2019-13110

A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file...

CVSS 4.3, AI score 7.5, EPSS 0.01925
Exploits: 1, References: 6
SUSE CVE
added 2023/02/15 4:11 a.m., 3 views

SUSE CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file...

CVSS 4.3, AI score 7.6, EPSS 0.02127
Exploits: 1, References: 4
RedHat Linux
added 2020/04/28 3:31 p.m., 6 views

exiv2: invalid data location in CRW image file causing denial of service

Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file...

CVSS 6.5, AI score 5.8, EPSS 0.02127
Exploits: 1, References: 4
OpenVAS
added 2020/01/23 12:0 a.m., 28 views

Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2019-1830)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5, AI score 6.4, EPSS 0.02127
Exploits: 3, References: 2
OSV
added 2019/12/31 4:51 p.m., 11 views

MGASA-2019-0415 Updated exiv2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset (CVE-2019-13108). An integer overflow in Exiv2...

CVSS 6.5, AI score 6.2, EPSS 0.02127
Exploits: 6, References: 4
Mageia
added 2019/12/31 4:51 p.m., 59 views

Updated exiv2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset (CVE-2019-13108). An integer overflow in Exiv2...

CVSS 6.5, AI score 1.6, EPSS 0.02127
Exploits: 6, References: 3
Veracode
added 2019/11/28 2:48 a.m., 24 views

Denial Of Service (DoS)

libexiv2.so is vulnerable to denial of service (DoS) attacks. When an attacker sends a malicious CRW image, the function Exiv2::Internal::CiffDirectory::readDirectory in crwimageint.cpp fails to check the offset and size against the total size, causing a trigger for an application crash via...

CVSS 6.5, AI score 2.6, EPSS 0.01851
Exploits: 0, References: 4, Affected Software: 2