Vulnerabilities > Exiv2

DATE CVE VULNERABILITY TITLE RISK
2017-09-29 CVE-2017-14857 Use After Free vulnerability in Exiv2 0.26
In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault.
local
low complexity
exiv2 CWE-416
5.5
2017-08-18 CVE-2017-12957 Out-of-bounds Read vulnerability in Exiv2 0.26
There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp.
network
low complexity
exiv2 CWE-125
6.5
2017-08-18 CVE-2017-12956 Out-of-bounds Read vulnerability in Exiv2 0.26
There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.
network
low complexity
exiv2 CWE-125
6.5
2017-08-18 CVE-2017-12955 Out-of-bounds Write vulnerability in Exiv2 0.26
There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26.
network
low complexity
exiv2 CWE-787
8.8
2017-07-27 CVE-2017-11683 Reachable Assertion vulnerability in multiple products
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
network
low complexity
exiv2 canonical debian CWE-617
6.5
2017-07-24 CVE-2017-11592 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exiv2 0.26
There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.
network
low complexity
exiv2 CWE-119
7.5
2017-07-24 CVE-2017-11591 There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
network
low complexity
exiv2 canonical debian
7.5
2017-07-23 CVE-2017-11553 Improper Input Validation vulnerability in Exiv2 0.26
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26.
network
low complexity
exiv2 CWE-20
7.5
2017-07-17 CVE-2017-11340 Improper Input Validation vulnerability in Exiv2 0.26
There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call.
network
low complexity
exiv2 CWE-20
6.5
2017-07-17 CVE-2017-11339 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exiv2 0.26
There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26.
network
low complexity
exiv2 CWE-119
6.5