Vulnerabilities > Exiv2

DATE CVE VULNERABILITY TITLE RISK
2018-09-19 CVE-2018-17229 Out-of-bounds Write vulnerability in Exiv2 0.26
Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
network
low complexity
exiv2 CWE-787
6.5
2018-09-02 CVE-2018-16336 Out-of-bounds Read vulnerability in multiple products
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.
network
low complexity
exiv2 debian canonical CWE-125
6.5
2018-07-17 CVE-2018-14338 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exiv2 0.26
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.
network
high complexity
exiv2 CWE-119
8.1
2018-07-13 CVE-2018-14046 Out-of-bounds Read vulnerability in Exiv2 0.26
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.
network
low complexity
exiv2 CWE-125
8.8
2018-06-13 CVE-2018-12265 Integer Overflow or Wraparound vulnerability in multiple products
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
network
low complexity
exiv2 debian canonical CWE-190
8.8
2018-06-13 CVE-2018-12264 Integer Overflow or Wraparound vulnerability in multiple products
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
network
low complexity
exiv2 debian canonical CWE-190
8.8
2018-05-29 CVE-2018-11531 Out-of-bounds Write vulnerability in multiple products
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
network
low complexity
exiv2 debian canonical CWE-787
critical
9.8
2018-05-14 CVE-2018-11037 Information Exposure vulnerability in Exiv2 0.26
In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.
network
low complexity
exiv2 CWE-200
6.5
2018-05-12 CVE-2018-10999 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Exiv2 0.26.
network
low complexity
exiv2 debian canonical CWE-125
6.5
2018-05-12 CVE-2018-10998 An issue was discovered in Exiv2 0.26.
network
low complexity
exiv2 canonical debian redhat
6.5