DATE | CVE | VULNERABILITY TITLE | RISK

2020-01-27 | CVE-2019-20421 | Infinite Loop vulnerability in multiple products | 7.8 (network, low complexity)
    In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption.
    exiv2, canonical, debian; CWE-835

2019-10-09 | CVE-2019-17402 | Classic Buffer Overflow vulnerability in multiple products | 6.5 (network, low complexity)
    Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
    exiv2, debian, canonical; CWE-120