EUVD-2018-0045

Malware in sbrugna...

Denial Of Service (DoS)

libexiv2.so is vulnerable to denial of service. The vulnerability is due to uncontrolled memory allocation in the Jp2Image::printStructure function in jp2image.cpp which allows an attacker to cause an application crash...

compat-exiv2-026 security update

0.26-3 - Fix heap-based buffer overflow vulnerability in jp2image.cpp Resolves: bz1990394...

Important: Red Hat Security Advisory: compat-exiv2-026 security update

An update for compat-exiv2-026 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: exiv2 security update

An update for exiv2 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

compat-exiv2-023 security update

0.23-3 - Fix heap-based buffer overflow vulnerability in jp2image.cpp Resolves: bz1990393...

exiv2 security update

0.27.3-3 - Fix heap-based buffer overflow vulnerability in jp2image.cpp that may lead to DoS Resolves: bz1990355...

compat-exiv2-026 security update

0.26-11 - Fix heap-based buffer overflow vulnerability in jp2image.cpp that may lead to DoS Resolves: bz1990397...

RLSA-2021:3152 Important: exiv2 security update

Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Security Fixes: exiv2: Heap-based buffer...

CVE-2021-31291

A flaw was found in exiv2. A flawed bounds checking in the jp2Image.cpp:doWriteMetadata function leads to a heap-based buffer overflow. This flaw allows an attacker who can provide a malicious image to an application using the exiv2 library, to write data out of bounds and potentially execute cod...

编号撤回

Exiv2 is a cross-platform C library and command-line utility for managing image metadata. jp2image.cpp in Exiv2 version 0.27.3 is vulnerable to a heap buffer overflow. An attacker could exploit this vulnerability to cause a denial of service via a specially crafted image file...

CVE-2021-3482

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data...

Denial Of Service

libexiv2.so is vulnerable to denial of service DoS. The attack exists when an attacker provide a malicious input to Jp2Image::readMetadata in jp2image.cpp, causing an infinite loop and high CPU usage...

CVE-2019-20421

In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...

CVE-2019-20421

In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...

CVE-2019-20421

Exiv2 0.27.2 contains a vulnerability in Jp2Image::readMetadata() where processing certain input files can loop indefinitely, consuming CPU and enabling a remote DoS via a crafted file. Public advisories from Debian, AlmaLinux, Alpine, Mageia and others indicate fixed releases in or after 0.27.2;...

CVE-2018-20099

There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack...

CVE-2018-20098

There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack...

Denial Of Service (DoS)

libexiv2.so is vulnerable to denial of service. An attacker is able to crash the process by entering a malicious input to the function Exiv2::Jp2Image::encodeJp2Header in jp2image.cpp which results in a heap-based buffer over-read...

Heap overflow

There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack...