Vulnerabilities > Exiv2

DATE CVE VULNERABILITY TITLE RISK
2019-06-30 CVE-2019-13113 Reachable Assertion vulnerability in multiple products
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.
network
low complexity
exiv2 fedoraproject canonical CWE-617
6.5
2019-06-30 CVE-2019-13112 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.
network
low complexity
exiv2 fedoraproject canonical debian CWE-770
6.5
2019-06-30 CVE-2019-13111 Integer Overflow or Wraparound vulnerability in multiple products
A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.
local
low complexity
exiv2 fedoraproject CWE-190
5.5
2019-06-30 CVE-2019-13110 Integer Overflow or Wraparound vulnerability in multiple products
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.
network
low complexity
exiv2 fedoraproject canonical debian CWE-190
6.5
2019-06-30 CVE-2019-13109 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.
network
low complexity
exiv2 fedoraproject CWE-190
6.5
2019-06-30 CVE-2019-13108 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.
network
low complexity
exiv2 fedoraproject CWE-190
6.5
2019-02-25 CVE-2019-9144 Uncontrolled Recursion vulnerability in Exiv2 0.27
An issue was discovered in Exiv2 0.27.
network
low complexity
exiv2 CWE-674
8.8
2019-02-25 CVE-2019-9143 Uncontrolled Recursion vulnerability in Exiv2 0.27
An issue was discovered in Exiv2 0.27.
network
low complexity
exiv2 CWE-674
8.8
2018-12-12 CVE-2018-20099 Infinite Loop vulnerability in Exiv2 0.27
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3.
network
low complexity
exiv2 CWE-835
6.5
2018-12-12 CVE-2018-20098 Out-of-bounds Read vulnerability in Exiv2 0.27
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3.
network
low complexity
exiv2 CWE-125
6.5