
9 matches found

RedhatCVE
added 2026/06/05 7:10 p.m., 10 views

CVE-2026-8813

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...

8.7 CVSS, 5.4 AI score, 0.00528 EPSS
Exploits: 0, References: 1
EUVD
added 2026/05/29 5:58 p.m., 13 views

EUVD-2026-30838

ExifReader is vulnerable to denial of service via crafted ICC mluc tag...

8.7 CVSS, 5.8 AI score, 0.00528 EPSS
Exploits: 0, References: 5
OSV
added 2026/05/29 5:58 p.m., 7 views

GHSA-H64W-W9PR-82M4 ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag

Impact: When parsing an image with an embedded ICC profile that contains a crafted multiLocalizedUnicodeType `mluc` tag, ExifReader can be made to allocate memory proportional to attacker-controlled fields in the tag rather than to the actual size of the input. Processing such an image causes...

8.7 CVSS, 5.9 AI score, 0.00528 EPSS
Exploits: 0, References: 6
CVE
added 2026/05/19 5:0 a.m., 32 views

CVE-2026-8813

CVE-2026-8813 affects exifreader before 4.39.0. A crafted ICC profile mluc tag allows an attacker-controlled record count with a zero record size, causing the parser to repeatedly process the same records and grow memory usage, leading to DoS. Proof-of-concept in SNYK shows a large loop with mluc...

8.7 CVSS, 5.8 AI score, 0.00528 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/05/19 5:0 a.m., 8 views

CVE-2026-8813

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...

8.7 CVSS, 5.8 AI score, 0.00528 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/05/19 5:0 a.m., 11 views

CVE-2026-8813

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...

8.7 CVSS, 5.8 AI score, 0.00528 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/05/19 12:0 a.m., 13 views

PT-2026-41831

Name of the Vulnerable Software and Affected Versions: exifreader versions prior to 4.39.0. Description: A crafted image containing an ICC mluc tag can specify an attacker-controlled record count combined with a zero record size. During the parsing process, the software repeatedly processes the same...

8.7 CVSS, 5.8 AI score, 0.00528 EPSS
Exploits: 0, References: 11
Snyk
added 2026/05/06 6:4 a.m., 9 views

Improper Validation of Specified Quantity in Input

Overview: exifreader is a library that parses Exif metadata in images. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size...

8.7 CVSS, 5.8 AI score, 0.00528 EPSS
Exploits: 0, References: 2
Zero Day Initiative
added 2011/06/08 12:0 a.m., 41 views

Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color profiles. When parsing a...

9 CVSS, 6 AI score, 0.06277 EPSS
Exploits: 0, References: 1