Vulnerabilities > Exiv2 > Exiv2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-13 | CVE-2018-14046 | Out-of-bounds Read vulnerability in Exiv2 0.26 Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. | 6.8 |
| 2018-06-13 | CVE-2018-12265 | Out-of-bounds Read vulnerability in multiple products Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. | 6.8 |
| 2018-06-13 | CVE-2018-12264 | Out-of-bounds Read vulnerability in multiple products Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. | 6.8 |
| 2018-05-29 | CVE-2018-11531 | Out-of-bounds Write vulnerability in multiple products Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | 7.5 |
| 2018-05-14 | CVE-2018-11037 | Information Exposure vulnerability in Exiv2 0.26 In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. | 4.3 |
| 2018-05-12 | CVE-2018-10999 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Exiv2 0.26. | 4.3 |
| 2018-05-12 | CVE-2018-10998 | An issue was discovered in Exiv2 0.26. | 6.5 |
| 2018-05-10 | CVE-2018-10958 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. | 4.3 |
| 2018-05-07 | CVE-2018-10780 | Out-of-bounds Read vulnerability in Exiv2 0.26 Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read. | 4.3 |
| 2018-05-07 | CVE-2018-10772 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exiv2 The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | 4.3 |