9 matches found

OpenVAS
added 2026/01/26 12:0 a.m. | 2 views

openSUSE Security Advisory (SUSE-SU-2026:0231-1)

The remote host is missing an update for the...

CVSS 5.5 | AI score 5.9 | EPSS 0.00011
Exploits: 1 | References: 4
Veracode
added 2025/09/26 5:17 a.m. | 5 views

Denial Of Service (DoS)

Exiv2 is vulnerable to Denial-of-Service (DoS). The vulnerability is due to a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata, which can be exploited by crafted JPG image files to cause excessive processing time...

CVSS 5.5 | AI score 7.1 | EPSS 0.00011
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2025/08/29 3:15 p.m. | 1 views

AZL-66767 CVE-2025-55304 affecting package exiv2 0.28.0-1

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata can cause Exiv2 to run for a long time...

CVSS 5.5 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 1
CNNVD
added 2024/03/22 12:0 a.m. | 1 views

jhead security vulnerability

jhead is a tool for modifying information in JPEG files. A security vulnerability exists in Matthias-Wandel jhead version 3.08. An attacker could exploit the vulnerability to cause a heap-based buffer overflow...

CVSS 7.5 | AI score 6.4 | EPSS 0.00096
Exploits: 0 | References: 5
OSSF Malicious Packages
added 2023/06/12 12:0 a.m. | 2 views

Malicious code in jpeg-metadata (npm)

Source: checkmarx 7906a2514b62992b0bb412207830c603157b294619f8a328f6c8d95a8c494fde Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...

AI score 6.9
Exploits: 0 | References: 2
CNNVD
added 2022/10/17 12:0 a.m. | 2 views

jhead operating system command injection vulnerability

jhead is a tool for modifying JPEG file information. An operating system command injection vulnerability exists in jhead version 3.06.0.1. An attacker can exploit this vulnerability to execute arbitrary commands...

CVSS 7.8 | AI score 7.7 | EPSS 0.00047
Exploits: 1 | References: 12
OSV
added 2018/02/27 5:29 a.m. | 1 views

CVE-2018-4909

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of...

CVSS 6.5 | AI score 5.8 | EPSS 0.07498
Exploits: 0 | References: 3
Cvelist
added 2017/01/11 4:40 a.m. | 20 views

CVE-2017-2964

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation could lead to arbitrary code execution...

AI score 9 | EPSS 0.02251
Exploits: 0 | References: 4
Prion
added 2006/03/31 11:6 a.m. | 19 views

Integer overflow

Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom"...

CVSS 5 | AI score 6.6 | EPSS 0.03822
Exploits: 0 | References: 9 | Affected Software: 3