Astra Linux - уязвимость в exiv2

In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file may lead to an infinite loop and system hangs, accompanied by high CPU consumption. Remote attackers could exploit this vulnerability to cause a denial of service by using a specially crafted file...

Astra Linux – Vulnerability in exiv2

There is a out-of-bounds read in the Exiv2::MrwImage::readMetadata method in mrwimage.cpp, within Exiv2 from version 0.27.2 onwards...

SUSE SLES15 / openSUSE 15 Security Update : exiv2-0_26 (SUSE-SU-2026:0231-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0231-1 advisory. Add reference for previously fixed issue: - CVE-2025-55304: Fixed quadratic performance algorithm in the ICC profile parsing...

Security update for exiv2-0_26

This update for exiv2-026 fixes the following issues: Add reference for previously fixed issue: CVE-2025-55304: Fixed quadratic performance algorithm in the ICC profile parsing code of JpegBase::readMetadata bsc1248963. Patch Instructions: To install this SUSE update use the SUSE recommended...

SUSE-SU-2026:0231-1 Security update for exiv2-0_26

This update for exiv2-026 fixes the following issues: Add reference for previously fixed issue: - CVE-2025-55304: Fixed quadratic performance algorithm in the ICC profile parsing code of JpegBase::readMetadata bsc1248963...

ROS-20251028-07

A vulnerability in the library commands for Exiv2 media file metadata management is related to the following quadratic algorithm in the ICC profile analysis code in jpegBase::readMetadata can lead to a prolonged Exiv2. Exploitation of the vulnerability could allow an attacker to cause a denial of...

EUVD-2019-4961

Malware in sbrugna...

FreeBSD : exiv2 -- Denial-of-service (340dc4c1-895a-11f0-b6e5-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 340dc4c1-895a-11f0-b6e5-4ccc6adda413 advisory. Kevin Backhouse reports: A denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm ...

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the jpegBase::readMetadata function. An attacker can cause excessive resource consumption and make the application unresponsive by submitting a specially crafted jpg image file. Remediation A fix w...

The vulnerability of the Exiv2::MrwImage::readMetadata() function in the mrwimage.cpp component of the Exiv2 metadata management library allows a hacker to induce a service failure.

The vulnerability of the Exiv2::MrwImage::readMetadata function in the mrwimage.cpp component of the Exiv2 metadata management library is related to reading data beyond the allowed buffer limits. Exploiting this vulnerability could allow a malicious actor to cause service failures through a...

The vulnerability of the Exiv2::PngImage::readMetadata() function in the pngimage.cpp component of the Exiv2 metadata management library allows a hacker to cause a service failure.

The vulnerability of the Exiv2::PngImage::readMetadata function in the pngimage.cpp component of the Exiv2 metadata management library is related to reading data beyond the buffer’s allowed limits. Exploiting this vulnerability could allow a malicious actor to cause service failures by using a...

SUSE CVE-2018-10998

An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service SIGABRT by triggering an incorrect Safe::add call...

SUSE CVE-2018-19108

In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service infinite loop caused by an integer overflow via a crafted PSD image file...

SUSE CVE-2019-13109

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction...

SUSE CVE-2019-14369

Exiv2::PngImage::readMetadata in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service heap-based buffer over-read via a crafted image file...

SUSE CVE-2021-3482

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data...

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

...

There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.

...

exiv2: Heap-based buffer overflow in Jp2Image::readMetadata()

A flaw was found in Exiv2. Improper input validation of the rawData.size property in the Jp2Image::readMetadata function in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. The highest threat from this vulnerability is to confidentialit...

The vulnerability of the Jp2Image::readMetadata() function in the jp2image.cpp component of the Exiv2 media metadata management library is related to the occurrence of operations outside the buffer in memory. This vulnerability allows an attacker to access confidential data and also trigger a service failure.

The vulnerability of the Jp2Image::readMetadata function in the jp2image.cpp component of the Exiv2 media metadata management library is related to an improper check on the rawData.size property. Exploiting this vulnerability could allow a remote attacker to access confidential data, as well as...