86 matches found
CVE-2018-12264
Exiv2 0.26 has integer overflows in LoaderTiff::getData in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp...
Integer overflow
Exiv2 0.26 has integer overflows in LoaderTiff::getData in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp...
CVE-2018-12264
Exiv2 0.26 has integer overflows in LoaderTiff::getData in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp...
CVE-2018-12264
Exiv2 0.26 contains an integer overflow in LoaderTiff::getData() (preview.cpp), leading to an out-of-bounds read in Exiv2::ValueType::setDataArea (value.hpp). Exploitation could cause crashes or memory corruption. The vulnerability is addressed in later Exiv2 revisions (e.g., upgrade to the 0.27....
CVE-2018-11531
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp...
Buffer Overflow
libexiv2.so is vulnerable to buffer overflows. A malicious user can pass a jpg file to the LoaderTiff::getData function in preview.cpp to cause a buffer overflow that can crash the application or execute arbitrary code...
PYSEC-2018-130
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp...
Heap overflow
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp...
DEBIAN-CVE-2018-11531
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp...
PYSEC-2018-130
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp...
CVE-2018-11531
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp...
Exiv2 Buffer Overflow Vulnerability
Exiv2 is a set of C++ libraries and command line applications for managing image metadata by software developer Andreas Huggel, which provides for reading and writing image metadata in a variety of formats including EXIF, IPTC and XMP. A buffer overflow vulnerability exists in the getData of the...
UBUNTU-CVE-2018-11531
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp...
Google Android 'address' parameter has unspecified vulnerability
Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance (OHA), and Qualcomm MDM9625 and other central processing unit (CPU) products from Qualcomm are used in different platforms. A security vulnerability exists in the Qualcomm...
PT-2018-2292 · Exiv2 +3
Name of the Vulnerable Software and Affected Versions: Exiv2 version 0.26 Description: The issue is related to a heap-based buffer overflow in the getData function, located in preview.cpp, which can be exploited by a remote attacker using a specially crafted malicious file. This could potentially...
Ecava IntegraXor Report getdata name SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter provided to the getdata page. The issue...
CVE-2017-12779
The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file...
mkvalidator 'Node_GetData' Function Denial of Service Vulnerability
mkvalidator is a command line tool from the Matroska team for verifying that Matroska and WebM files are canonical. A security vulnerability exists in the 'Node_GetData' function in the corec/corec/node/node.c file in mkvalidator version 0.5.1. A remote attacker can exploit this vulnerability to...
Schneider Electric U.motion Builder track_getdata Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. No authentication is required to exploit this vulnerability. A remote code execution vulnerability exists in Schneider Electric U.motion Builder track_getdata. T...
elfutils '__libelf_set_rawdata_wrlock' function denial of service vulnerability
elfutils is a collection of utilities and libraries for reading, creating and modifying ELF binaries. A denial of service vulnerability exists in the __libelf_set_rawdata_wrlock function in elfutils's elf_getdata.c. A remote attacker could use this vulnerability to cause a denial of service via a...