Vulnerabilities > Exiv2

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2020-01-27 | CVE-2019-20421 | Infinite Loop vulnerability in multiple products | In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. | network, low complexity, exiv2, canonical, CWE-835 | 7.8 |
| 2019-10-09 | CVE-2019-17402 | Classic Buffer Overflow vulnerability in Exiv2 0.27.2 | Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. | network, exiv2, CWE-120 | 4.3 |
| 2019-08-12 | CVE-2019-14982 | Integer Overflow OR Wraparound vulnerability in Exiv2 | In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. | network, exiv2, CWE-190 | 4.3 |
| 2019-07-28 | CVE-2019-14370 | Out-Of-Bounds Read vulnerability in Exiv2 0.27.99.0 | In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. | network, exiv2, CWE-125 | 4.3 |
| 2019-07-28 | CVE-2019-14369 | Out-Of-Bounds Read vulnerability in Exiv2 0.27.99.0 | Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. | network, exiv2, CWE-125 | 4.3 |
| 2019-07-28 | CVE-2019-14368 | Out-Of-Bounds Read vulnerability in Exiv2 0.27.99.0 | Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp. | network, exiv2, CWE-125 | 6.8 |
| 2019-07-11 | CVE-2019-13504 | Out-Of-Bounds Read vulnerability in Exiv2 | There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. | network, exiv2, CWE-125 | 4.3 |
| 2019-06-30 | CVE-2019-13114 | Null Pointer Dereference vulnerability in Exiv2 | http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. | network, exiv2, CWE-476 | 4.3 |
| 2019-06-30 | CVE-2019-13113 | Reachable Assertion vulnerability in Exiv2 | Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. | network, exiv2, CWE-617 | 4.3 |
| 2019-06-30 | CVE-2019-13112 | Allocation of Resources Without Limits OR Throttling vulnerability in Exiv2 | A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. | network, exiv2, CWE-770 | 4.3 |