GHSA-CRMJ-QH74-2R36 Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder

Impact A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, QuickTimeVideo::multipleEntriesDecoder, was new in v0.28.0 see https://github.com/Exiv2/exiv2/pull/2337, so Exiv2 versions before v0.28...

Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder

Impact An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0 see https://github.com/Exiv2/exiv2/pull/2337, so Exiv2 versions before v0.28 are not affected. Exiv2 is a command-line utility and C++ library for reading...

CVE-2024-25112

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

Out-of-bounds

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0, so Exiv2 versions before v0.28 are no...

CVE-2024-24826

Summary (CVE-2024-24826): Exiv2, a C++ library for image metadata, contains an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder, affecting v0.28.1 (v0.28.0 introduced the vulnerable function). Reading metadata from a crafted video can crash the program. Versions before 0.28 are not affected...

Design/Logic Flaw

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, BmffImage::brotliUncompress, is new in v0.28.0, so earlier versions of Exiv2 are not...