Vulnerabilities > Exiv2

DATE CVE VULNERABILITY TITLE RISK
2024-07-08 CVE-2024-39695 Out-of-bounds Read vulnerability in Exiv2 0.28.0/0.28.1/0.28.2
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
network
low complexity
exiv2 CWE-125
6.5
2023-11-06 CVE-2023-44398 Out-of-bounds Write vulnerability in Exiv2 0.28.0
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata.
network
low complexity
exiv2 CWE-787
8.8
2023-08-22 CVE-2020-18831 Out-of-bounds Write vulnerability in Exiv2 0.27.1
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.
local
low complexity
exiv2 CWE-787
7.8
2021-08-23 CVE-2020-18771 Out-of-bounds Read vulnerability in multiple products
Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.
network
low complexity
exiv2 debian CWE-125
8.1
2021-08-23 CVE-2020-18773 Out-of-bounds Write vulnerability in Exiv2 0.27.99.0
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.
network
low complexity
exiv2 CWE-787
6.5
2021-08-23 CVE-2020-18774 Divide By Zero vulnerability in Exiv2 0.27.99.0
A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.
network
low complexity
exiv2 CWE-369
6.5
2021-08-19 CVE-2020-18898 Uncontrolled Recursion vulnerability in Exiv2 0.27
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.
network
low complexity
exiv2 CWE-674
6.5
2021-08-19 CVE-2020-18899 Allocation of Resources Without Limits or Throttling vulnerability in Exiv2 0.27
An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.
network
low complexity
exiv2 CWE-770
6.5
2021-08-09 CVE-2021-34335 Divide By Zero vulnerability in multiple products
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject CWE-369
5.5
2021-08-09 CVE-2021-37615 NULL Pointer Dereference vulnerability in multiple products
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject CWE-476
5.5