3 matches found
Amazon Linux 2 : exiv2, --advisory ALAS2-2025-3086 (ALAS-2025-3086)
The version of exiv2 installed on the remote host is prior to 0.27.0-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3086 advisory. Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata...
CVE-2025-55304
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata can cause Exiv2 to run for a long time...
CVE-2025-54080
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...