Astra Linux - уязвимость в exiv2

There is a out-of-bounds read in the Exiv2::MrwImage::readMetadata method in mrwimage.cpp, within Exiv2 from version 0.27.2 onwards...

Astra Linux - уязвимость в exiv2

In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file may lead to an infinite loop and system hangs, accompanied by high CPU consumption. Remote attackers could exploit this vulnerability to cause a denial of service by using a specially crafted file...

SUSE SLES15 / openSUSE 15 Security Update : exiv2-0_26 (SUSE-SU-2026:0231-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0231-1 advisory. Add reference for previously fixed issue: - CVE-2025-55304: Fixed quadratic performance algorithm in the ICC profile parsing...

Security update for exiv2-0_26

This update for exiv2-026 fixes the following issues: Add reference for previously fixed issue: CVE-2025-55304: Fixed quadratic performance algorithm in the ICC profile parsing code of JpegBase::readMetadata bsc1248963. Patch Instructions: To install this SUSE update use the SUSE recommended...

SUSE-SU-2026:0231-1 Security update for exiv2-0_26

This update for exiv2-026 fixes the following issues: Add reference for previously fixed issue: - CVE-2025-55304: Fixed quadratic performance algorithm in the ICC profile parsing code of JpegBase::readMetadata bsc1248963...

ROS-20251028-07

A vulnerability in the library commands for Exiv2 media file metadata management is related to the following quadratic algorithm in the ICC profile analysis code in jpegBase::readMetadata can lead to a prolonged Exiv2. Exploitation of the vulnerability could allow an attacker to cause a denial of...

EUVD-2019-4961

Malware in sbrugna...

FreeBSD : exiv2 -- Denial-of-service (340dc4c1-895a-11f0-b6e5-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 340dc4c1-895a-11f0-b6e5-4ccc6adda413 advisory. Kevin Backhouse reports: A denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm ...

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the jpegBase::readMetadata function. An attacker can cause excessive resource consumption and make the application unresponsive by submitting a specially crafted jpg image file. Remediation A fix w...

SUSE CVE-2018-10998

An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service SIGABRT by triggering an incorrect Safe::add call...

SUSE CVE-2018-19108

In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service infinite loop caused by an integer overflow via a crafted PSD image file...

SUSE CVE-2019-13109

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction...

SUSE CVE-2019-14369

Exiv2::PngImage::readMetadata in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service heap-based buffer over-read via a crafted image file...

SUSE CVE-2021-3482

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data...

There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.

...

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

...

exiv2: Heap-based buffer overflow in Jp2Image::readMetadata()

A flaw was found in Exiv2. Improper input validation of the rawData.size property in the Jp2Image::readMetadata function in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. The highest threat from this vulnerability is to confidentialit...

Buffer Overflow

exiv2 is vulnerable to buffer overflow. The vulnerability exists due to improper input validation of the rawData.size property in Jp2Image::readMetadata in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data...

CVE-2021-3482

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data...

PT-2021-4547 · Exiv2 +9 · Exiv2 +9

Name of the Vulnerable Software and Affected Versions: Exiv2 versions prior to 0.27.4-RC1 Description: The issue is related to the Jp2Image::readMetadata function in the jp2image.cpp component of the Exiv2 library, which is used for managing media file metadata. The problem arises from improper...