CVE-2026-50233

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

CVE-2026-50233 Lyrion Music Server 9.2.0 Arbitrary Directory Listing

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

CVE-2026-50233

The CVE-2026-50233 entry concerns Lyrion Music Server 9.2.0 with an arbitrary directory listing flaw in the readdirectory function. The issue is exposed via the CLI service on TCP port 9090 and the HTTP JSON-RPC endpoint at /jsonrpc.js. The vulnerable query accepts a folder parameter and returns ...

CVE-2026-50233

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

📄 Lyrion Music Server 9.2.0 Arbitrary Directory Listing

Lyrion Music Server version 9.2.0 exposes a readdirectory query through both its CLI service TCP port 9090 and its HTTP JSON-RPC endpoint /jsonrpc.js that takes a folder parameter and lists its contents with no restriction to the configured media directories and no authentication in the default...

PT-2026-46952

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

Astra Linux - уязвимость в exiv2

The CiffDirectory::readDirectory method in crwimageint.cpp within Exiv2 0.26 has excessive stack consumption due to a recursive function, resulting in a denial of service...

MiracleLinux 8 : exiv2-0.27.3-2.el8 (AXSA:2021-1970:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1970:01 advisory. exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size check CVE-2019-17402 Tenable has extracted the preceding description block...

EUVD-2010-4630

Malware in sbrugna...

UBUNTU-CVE-2022-40090

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file...

SUSE CVE-2010-4665

Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entri...

SUSE CVE-2018-17581

CiffDirectory::readDirectory at crwimageint.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service...

SUSE CVE-2019-13110

A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted CRW image file...

SUSE CVE-2019-17402

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimageint.cpp, because there is no validation of the relationship of the total size to the offset and size...

Denial Of Service (DoS)

libexiv2.so is vulnerable to denial of service. The vulnerability exists in the CiffDirectory::readDirectory function of crwimageint.cpp due to integer overflows which allows an attacker to cause an application crash by providing malicious input...

exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service

CiffDirectory::readDirectory at crwimageint.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service...

Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2019-1995)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-17581

CiffDirectory::readDirectory at crwimageint.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service...

ALPINE-CVE-2019-17402

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimageint.cpp, because there is no validation of the relationship of the total size to the offset and size...

AZL-7204 CVE-2019-17402 affecting package exiv2 for versions less than 0.27.5-1

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimageint.cpp, because there is no validation of the relationship of the total size to the offset and size...