exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS

A flaw was found in exiv2. A integer wraparound in the CrwMap:encode0x1810 function leads to memcpy call with a very large size allowing an attacker, who can provide a malicious image, to crash an application which uses the exiv2 library. The highest threat from this vulnerability is to service...

Exiv2 integer overflow vulnerability (CNVD-2021-62191)

Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An integer overflow vulnerability exists in CrwMap::encode0x1810 in Exiv2 version 0.27.3. An attacker could exploit this vulnerability to cause a denial of service via a specially crafted image file...

PYSEC-2021-877

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service DOS via crafted metadata...

CVE-2021-31292

Exiv2 vulnerability CVE-2021-31292: an integer overflow in CrwMap::encode0x1810 in Exiv2 0.27.3 allows a heap-based buffer overflow via crafted metadata, enabling a denial of service. The issue affects Exiv2’s image metadata handling (library and related tooling) and is addressed by upgrading to ...