SUSE CVE-2019-11050

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...

Malicious code in load-image-exif (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c314aa9b8893f20f40e6ab9b53ab508347aa09e376589762f1a429e1cdd33a3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4338 Malicious code in load-image-exif (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c314aa9b8893f20f40e6ab9b53ab508347aa09e376589762f1a429e1cdd33a3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

[SECURITY] Fedora 34 Update: perl-Image-ExifTool-12.38-1.fc34

ExifTool is a Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF,...

Pixload - Image Payload Creating/Injecting Tools

Set of tools for creating/injecting payload into images. SETUP The following Perl modules are required: - GD - Image::ExifTool - String::CRC32 On Debian-based systems install these packages: sudo apt install libgd-perl libimage-exiftool-perl libstring-crc32-perl On OSX please refer to this...

USN-4009-1 php7.0, php7.2 vulnerabilities

It was discovered that PHP incorrectly handled certain exif tags in images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2019-11036 It was discovered that PHP incorrectly decoding certain MIME headers...

DEBIAN-CVE-2019-8942

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...

DEBIAN-CVE-2012-2812

The exifentrygetvalue function in exif-entry.c in the EXIF Tag Parsing Library aka libexif before 0.6.21 allows remote attackers to cause a denial of service out-of-bounds read or possibly obtain sensitive information from process memory via crafted EXIF tags in an image...

DEBIAN-CVE-2012-2840

Off-by-one error in the exifconvertutf16toutf8 function in exif-entry.c in the EXIF Tag Parsing Library aka libexif before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image...