Vulnerabilities > Exiv2 > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-30 CVE-2021-29463 Out-of-bounds Read vulnerability in multiple products
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject CWE-125
5.5
5.5
2021-04-23 CVE-2021-29470 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
network
low complexity
exiv2 fedoraproject
6.5
6.5
2021-04-19 CVE-2021-29458 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject debian
5.5
5.5
2021-04-08 CVE-2021-3482 Out-of-bounds Write vulnerability in multiple products
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1.
network
low complexity
exiv2 redhat fedoraproject debian CWE-787
6.5
6.5
2019-10-09 CVE-2019-17402 Classic Buffer Overflow vulnerability in multiple products
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
network
low complexity
exiv2 debian canonical CWE-120
6.5
6.5
2019-08-12 CVE-2019-14982 Integer Overflow or Wraparound vulnerability in Exiv2
In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp.
network
low complexity
exiv2 CWE-190
6.5
6.5
2019-07-28 CVE-2019-14370 Out-of-bounds Read vulnerability in multiple products
In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp.
network
low complexity
exiv2 debian CWE-125
6.5
6.5
2019-07-28 CVE-2019-14369 Out-of-bounds Read vulnerability in multiple products
Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file.
network
low complexity
exiv2 debian CWE-125
6.5
6.5
2019-07-11 CVE-2019-13504 Out-of-bounds Read vulnerability in multiple products
There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.
network
low complexity
exiv2 debian CWE-125
6.5
6.5
2019-06-30 CVE-2019-13114 NULL Pointer Dereference vulnerability in multiple products
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
network
low complexity
exiv2 fedoraproject debian canonical CWE-476
6.5
6.5