Vulnerabilities > Exiv2 > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-06 | CVE-2023-44398 | Out-of-bounds Write vulnerability in Exiv2 0.28.0. Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. | 8.8 |
2023-08-22 | CVE-2020-18831 | Out-of-bounds Write vulnerability in Exiv2 0.27.1. Buffer overflow vulnerability in the tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of a crafted file. | 7.8 |
2021-08-23 | CVE-2020-18771 | Out-of-bounds Read vulnerability in multiple products. Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. | 8.1 |
2021-07-26 | CVE-2021-31292 | Integer Overflow or Wraparound vulnerability in multiple products. An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata. | 7.5 |
2021-04-30 | CVE-2021-29464 | Out-of-bounds Write vulnerability in multiple products. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 7.8 |
2021-04-19 | CVE-2021-29457 | Heap-based Buffer Overflow vulnerability in multiple products. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 7.8 |
2020-01-27 | CVE-2019-20421 | Infinite Loop vulnerability in multiple products. In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. | 7.8 |
2018-05-29 | CVE-2018-11531 | Out-of-bounds Write vulnerability in multiple products. Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | 7.5 |
2017-07-24 | CVE-2017-11591 | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | 7.5 |