Exiv2

119 matches found

added 2021/08/09 7:15 p.m. | 107 views

CVE-2021-37622

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker ...

CVSS 5.5 | AI score 5.5 | EPSS 0.00086

added 2021/08/19 10:15 p.m. | 106 views

CVE-2020-18898

A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.

CVSS 6.5 | AI score 6.1 | EPSS 0.00158

added 2018/05/10 2:29 a.m. | 104 views

CVE-2018-10958

In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.

CVSS 6.5 | AI score 6.4 | EPSS 0.01419

added 2021/08/09 6:15 p.m. | 104 views

CVE-2021-37623

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker ...

CVSS 5.5 | AI score 5.5 | EPSS 0.00093

added 2021/08/09 8:15 p.m. | 103 views

CVE-2021-37615

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted imag...

CVSS 5.5 | AI score 5.1 | EPSS 0.00075

added 2018/03/25 3:29 a.m. | 100 views

CVE-2018-8976

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.

CVSS 6.5 | AI score 6.1 | EPSS 0.00298

added 2018/05/12 4:29 a.m. | 99 views

CVE-2018-10998

An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.

CVSS 6.5 | AI score 6.2 | EPSS 0.01214

added 2018/03/25 3:29 a.m. | 99 views

CVE-2018-8977

In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.

CVSS 6.5 | AI score 6.1 | EPSS 0.00372

added 2021/08/09 7:15 p.m. | 99 views

CVE-2021-37616

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted imag...

CVSS 5.5 | AI score 5.5 | EPSS 0.00075

added 2021/08/19 10:15 p.m. | 96 views

CVE-2020-18899

An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.

CVSS 6.5 | AI score 6.1 | EPSS 0.00108

added 2019/06/30 11:15 p.m. | 95 views

CVE-2019-13108

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.

CVSS 6.5 | AI score 6.2 | EPSS 0.00425

added 2018/12/12 10:29 a.m. | 94 views

CVE-2018-20096

There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVSS 6.5 | AI score 6.4 | EPSS 0.01305

added 2018/05/14 3:29 a.m. | 89 views

CVE-2018-11037

In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.

CVSS 6.5 | AI score 6.1 | EPSS 0.0051

added 2017/12/31 7:29 p.m. | 88 views

CVE-2017-18005

Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.

CVSS 5.5 | AI score 6 | EPSS 0.00108

added 2018/01/03 9:29 a.m. | 87 views

CVE-2018-4868

The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.

CVSS 5.5 | AI score 5.6 | EPSS 0.00384

added 2018/04/04 9:29 p.m. | 86 views

CVE-2018-9303

In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.

CVSS 6.5 | AI score 6.5 | EPSS 0.00433

added 2019/02/25 3:29 p.m. | 85 views

CVE-2019-9143

An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVSS 8.8 | AI score 7.4 | EPSS 0.00477

added 2021/07/13 10:15 p.m. | 85 views

CVE-2020-19716

A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS).

CVSS 6.5 | AI score 6.4 | EPSS 0.00131

added 2017/07/24 1:29 a.m. | 84 views

CVE-2017-11591

There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

CVSS 7.5 | AI score 7.2 | EPSS 0.00491

added 2018/04/04 9:29 p.m. | 84 views

CVE-2018-9304

In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.

CVSS 6.5 | AI score 6.4 | EPSS 0.00455

added 2023/11/06 6:15 p.m. | 84 views

CVE-2023-44398

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, BmffImage::brotliUncompress, is new in v0.28.0, so earlier versions of Exiv2 are not affect...

CVSS 8.8 | AI score 8.4 | EPSS 0.00473

added 2018/07/17 12:29 p.m. | 80 views

CVE-2018-14338

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.

CVSS 8.1 | AI score 7.4 | EPSS 0.00414

added 2021/08/23 10:15 p.m. | 79 views

CVE-2020-18771

Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.

CVSS 8.1 | AI score 7.8 | EPSS 0.00205

added 2017/07/27 6:29 a.m. | 78 views

CVE-2017-11683

There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

CVSS 6.5 | AI score 6.5 | EPSS 0.00408

added 2019/08/12 11:15 p.m. | 78 views

CVE-2019-14982

In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash.

CVSS 6.5 | AI score 6.4 | EPSS 0.00616

added 2017/09/29 1:34 a.m. | 74 views

CVE-2017-14864

An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVSS 5.5 | AI score 6 | EPSS 0.00129

added 2018/09/02 3:29 a.m. | 74 views

CVE-2018-16336

Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.

CVSS 6.5 | AI score 6.2 | EPSS 0.01845

added 2018/01/18 7:29 a.m. | 74 views

CVE-2018-5772

In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.

CVSS 5.5 | AI score 5.6 | EPSS 0.00315

added 2017/09/29 1:34 a.m. | 72 views

CVE-2017-14862

An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVSS 5.5 | AI score 6 | EPSS 0.00129

added 2017/09/29 1:34 a.m. | 71 views

CVE-2017-14859

An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVSS 5.5 | AI score 6 | EPSS 0.00129

added 2018/02/12 10:29 p.m. | 65 views

CVE-2017-17724

In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.

CVSS 6.5 | AI score 6.2 | EPSS 0.00647

added 2025/02/18 8:15 p.m. | 64 views

CVE-2025-26623

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a command-line utility and C++ li...

CVSS 5.3 | AI score 7.7 | EPSS 0.00174

added 2017/12/13 10:29 p.m. | 63 views

CVE-2017-17669

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.

CVSS 5.5 | AI score 6.1 | EPSS 0.00167

added 2018/07/13 3:29 p.m. | 60 views

CVE-2018-14046

Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.

CVSS 8.8 | AI score 6.5 | EPSS 0.00396

added 2017/11/17 10:29 p.m. | 58 views

CVE-2017-1000128

Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser.

CVSS 5.5 | AI score 5.4 | EPSS 0.00103

added 2017/06/26 11:29 p.m. | 58 views

CVE-2017-9953

There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.

CVSS 7.5 | AI score 6.7 | EPSS 0.00656

added 2017/09/29 1:34 a.m. | 57 views

CVE-2017-14865

There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.

CVSS 5.5 | AI score 5.5 | EPSS 0.00309

added 2021/08/23 10:15 p.m. | 56 views

CVE-2020-18773

An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.

CVSS 6.5 | AI score 6.2 | EPSS 0.00101

added 2015/01/02 8:59 p.m. | 54 views

CVE-2014-9449

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.

CVSS 5 | AI score 6.5 | EPSS 0.01465

added 2017/07/17 1:18 p.m. | 53 views

CVE-2017-11339

There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.

CVSS 6.5 | AI score 6.5 | EPSS 0.00328

added 2017/08/18 9:29 p.m. | 52 views

CVE-2017-12955

There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.

CVSS 8.8 | AI score 8.4 | EPSS 0.01903

added 2024/07/08 4:15 p.m. | 52 views

CVE-2024-39695

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds rea...

CVSS 6.5 | AI score 5.4 | EPSS 0.00455

added 2017/08/18 9:29 p.m. | 51 views

CVE-2017-12956

There is an illegal address access in Exiv2::FileIo::path[abi:cxx11] in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.

CVSS 6.5 | AI score 6.3 | EPSS 0.00567

added 2024/02/12 11:15 p.m. | 51 views

CVE-2024-25112

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, QuickTimeVideo::multip...

CVSS 5.5 | AI score 5.1 | EPSS 0.00016

added 2017/07/17 1:18 p.m. | 50 views

CVE-2017-11336

There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.

CVSS 6.5 | AI score 6.4 | EPSS 0.01065

added 2017/07/24 1:29 a.m. | 50 views

CVE-2017-11592

There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.

CVSS 7.5 | AI score 7.2 | EPSS 0.00656

added 2018/03/30 8:29 a.m. | 50 views

CVE-2018-9145

In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf...

CVSS 6.5 | AI score 6.6 | EPSS 0.00348

added 2017/07/17 1:18 p.m. | 49 views

CVE-2017-11337

There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.

CVSS 6.5 | AI score 6.4 | EPSS 0.00567

added 2017/07/23 3:29 a.m. | 49 views

CVE-2017-11553

There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.

CVSS 7.5 | AI score 7.2 | EPSS 0.00748

added 2024/02/12 11:15 p.m. | 49 views

CVE-2024-24826

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0, so Exiv2 versions before v0.28 are not ...

CVSS 5.5 | AI score 5.1 | EPSS 0.00042

Total number of security vulnerabilities: 119