Action not permitted
Modal body text goes here.
Modal Title
Modal Body
alsa-2020:1577
Vulnerability from osv_almalinux
Published
2020-04-28 08:52
Modified
2021-11-12 10:20
Summary
Moderate: exiv2 security, bug fix, and enhancement update
Details
The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments.
The following packages have been upgraded to a later upstream version: exiv2 (0.27.2). (BZ#1651917)
Security Fix(es):
-
exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS (CVE-2019-20421)
-
exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp (CVE-2017-18005)
-
exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp (CVE-2018-4868)
-
exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp (CVE-2018-9303)
-
exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp (CVE-2018-9304)
-
exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)
-
exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)
-
exiv2: information leak via a crafted file (CVE-2018-11037)
-
exiv2: buffer overflow in samples/geotag.cpp (CVE-2018-14338)
-
exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp (CVE-2018-17229)
-
exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp (CVE-2018-17230)
-
exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282)
-
exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581)
-
exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)
-
exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)
-
exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)
-
exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)
-
exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)
-
exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096)
-
exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097)
-
exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098)
-
exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)
-
exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service (CVE-2019-9143)
-
exiv2: denial of service in PngImage::readMetadata (CVE-2019-13109)
-
exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service (CVE-2019-13111)
-
exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service (CVE-2019-13112)
-
exiv2: invalid data location in CRW image file causing denial of service (CVE-2019-13113)
-
exiv2: null-pointer dereference in http.c causing denial of service (CVE-2019-13114)
-
exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9306)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "exiv2-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.27.2-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "exiv2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.27.2-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gegl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.0-39.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gnome-color-manager"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.28.0-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libgexiv2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.8-4.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libgexiv2-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.8-4.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments.\n\nThe following packages have been upgraded to a later upstream version: exiv2 (0.27.2). (BZ#1651917)\n\nSecurity Fix(es):\n\n* exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS (CVE-2019-20421)\n\n* exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp (CVE-2017-18005)\n\n* exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp (CVE-2018-4868)\n\n* exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp (CVE-2018-9303)\n\n* exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp (CVE-2018-9304)\n\n* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)\n\n* exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)\n\n* exiv2: information leak via a crafted file (CVE-2018-11037)\n\n* exiv2: buffer overflow in samples/geotag.cpp (CVE-2018-14338)\n\n* exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp (CVE-2018-17229)\n\n* exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp (CVE-2018-17230)\n\n* exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282)\n\n* exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581)\n\n* exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)\n\n* exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)\n\n* exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)\n\n* exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)\n\n* exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)\n\n* exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096)\n\n* exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097)\n\n* exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098)\n\n* exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)\n\n* exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service (CVE-2019-9143)\n\n* exiv2: denial of service in PngImage::readMetadata (CVE-2019-13109)\n\n* exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service (CVE-2019-13111)\n\n* exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service (CVE-2019-13112)\n\n* exiv2: invalid data location in CRW image file causing denial of service (CVE-2019-13113)\n\n* exiv2: null-pointer dereference in http.c causing denial of service (CVE-2019-13114)\n\n* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9306)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2020:1577",
"modified": "2021-11-12T10:20:55Z",
"published": "2020-04-28T08:52:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2020-1577.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2017-18005"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-10772"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-11037"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-14338"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-17229"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-17230"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-17282"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-17581"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-18915"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-19107"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-19108"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-19535"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-19607"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-20096"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-20097"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-20098"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-20099"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-4868"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-9303"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-9304"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-9305"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-9306"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-13109"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-13111"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-13112"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-13113"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-13114"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-20421"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9143"
}
],
"related": [
"CVE-2019-20421",
"CVE-2017-18005",
"CVE-2018-4868",
"CVE-2018-9303",
"CVE-2018-9304",
"CVE-2018-9305",
"CVE-2018-10772",
"CVE-2018-11037",
"CVE-2018-14338",
"CVE-2018-17229",
"CVE-2018-17230",
"CVE-2018-17282",
"CVE-2018-17581",
"CVE-2018-18915",
"CVE-2018-19107",
"CVE-2018-19108",
"CVE-2018-19535",
"CVE-2018-19607",
"CVE-2018-20096",
"CVE-2018-20097",
"CVE-2018-20098",
"CVE-2018-20099",
"CVE-2019-9143",
"CVE-2019-13109",
"CVE-2019-13111",
"CVE-2019-13112",
"CVE-2019-13113",
"CVE-2019-13114",
"CVE-2018-9306"
],
"summary": "Moderate: exiv2 security, bug fix, and enhancement update"
}
CVE-2018-19107 (GCVE-0-2018-19107)
Vulnerability from cvelistv5 – Published: 2018-11-08 00:00 – Updated: 2024-08-05 11:30
VLAI?
EPSS
Summary
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:03.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/427"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/518"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"url": "https://github.com/Exiv2/exiv2/issues/427"
},
{
"url": "https://github.com/Exiv2/exiv2/pull/518"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19107",
"datePublished": "2018-11-08T00:00:00.000Z",
"dateReserved": "2018-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:03.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9305 (GCVE-0-2018-9305)
Vulnerability from cvelistv5 – Published: 2018-04-04 21:00 – Updated: 2024-08-05 07:17
VLAI?
EPSS
Summary
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:52.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/263"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md"
},
{
"name": "GLSA-201811-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-14"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the \"== 0x1c\" case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T23:06:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/263"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md"
},
{
"name": "GLSA-201811-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-14"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the \"== 0x1c\" case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/263",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/263"
},
{
"name": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md"
},
{
"name": "GLSA-201811-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-14"
},
{
"name": "RHSA-2019:2101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "openSUSE-SU-2020:0482",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9305",
"datePublished": "2018-04-04T21:00:00.000Z",
"dateReserved": "2018-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:52.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20096 (GCVE-0-2018-20096)
Vulnerability from cvelistv5 – Published: 2018-12-12 08:00 – Updated: 2024-08-05 11:51
VLAI?
EPSS
Summary
There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
},
{
"name": "FEDORA-2019-c9cbbbb5c0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
},
{
"name": "FEDORA-2019-c9cbbbb5c0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/590",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
},
{
"name": "FEDORA-2019-c9cbbbb5c0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/"
},
{
"name": "RHSA-2019:2101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20096",
"datePublished": "2018-12-12T08:00:00.000Z",
"dateReserved": "2018-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:51:18.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17230 (GCVE-0-2018-17230)
Vulnerability from cvelistv5 – Published: 2018-09-19 22:00 – Updated: 2024-08-05 10:47
VLAI?
EPSS
Summary
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:03.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/455"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T23:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/455"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/455",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/455"
},
{
"name": "openSUSE-SU-2020:0482",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17230",
"datePublished": "2018-09-19T22:00:00.000Z",
"dateReserved": "2018-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:47:03.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19607 (GCVE-0-2018-19607)
Vulnerability from cvelistv5 – Published: 2018-11-27 07:00 – Updated: 2024-08-05 11:37
VLAI?
EPSS
Summary
Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/561"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T23:06:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/561"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/561",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/561"
},
{
"name": "RHSA-2019:2101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "openSUSE-SU-2020:0482",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19607",
"datePublished": "2018-11-27T07:00:00.000Z",
"dateReserved": "2018-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:37:11.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9306 (GCVE-0-2018-9306)
Vulnerability from cvelistv5 – Published: 2018-04-04 21:00 – Updated: 2018-04-19 20:57
VLAI?
EPSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724. Notes: All CVE users should reference CVE-2017-17724 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-04-19T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724. Notes: All CVE users should reference CVE-2017-17724 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9306",
"datePublished": "2018-04-04T21:00:00.000Z",
"dateRejected": "2018-04-19T20:57:01.000Z",
"dateReserved": "2018-04-04T00:00:00.000Z",
"dateUpdated": "2018-04-19T20:57:01.000Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2018-19535 (GCVE-0-2018-19535)
Vulnerability from cvelistv5 – Published: 2018-11-26 00:00 – Updated: 2024-08-05 11:37
VLAI?
EPSS
Summary
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/428"
},
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/430"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/428"
},
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"url": "https://github.com/Exiv2/exiv2/pull/430"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19535",
"datePublished": "2018-11-26T00:00:00.000Z",
"dateReserved": "2018-11-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:37:11.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20098 (GCVE-0-2018-20098)
Vulnerability from cvelistv5 – Published: 2018-12-12 08:00 – Updated: 2024-08-05 11:51
VLAI?
EPSS
Summary
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:19.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
},
{
"name": "FEDORA-2019-c9cbbbb5c0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
},
{
"name": "FEDORA-2019-c9cbbbb5c0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/590",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
},
{
"name": "FEDORA-2019-c9cbbbb5c0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/"
},
{
"name": "RHSA-2019:2101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20098",
"datePublished": "2018-12-12T08:00:00.000Z",
"dateReserved": "2018-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:51:19.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9304 (GCVE-0-2018-9304)
Vulnerability from cvelistv5 – Published: 2018-04-04 21:00 – Updated: 2024-08-05 07:17
VLAI?
EPSS
Summary
In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/262"
},
{
"name": "GLSA-201811-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/262"
},
{
"name": "GLSA-201811-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md"
},
{
"name": "https://github.com/Exiv2/exiv2/issues/262",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/262"
},
{
"name": "GLSA-201811-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9304",
"datePublished": "2018-04-04T21:00:00.000Z",
"dateReserved": "2018-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:51.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17581 (GCVE-0-2018-17581)
Vulnerability from cvelistv5 – Published: 2018-09-28 00:00 – Updated: 2024-08-05 10:54
VLAI?
EPSS
Summary
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:09.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/460"
},
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"name": "USN-3852-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3852-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/SegfaultMasters/covering360/blob/master/Exiv2"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/460"
},
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"name": "USN-3852-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3852-1/"
},
{
"url": "https://github.com/SegfaultMasters/covering360/blob/master/Exiv2"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17581",
"datePublished": "2018-09-28T00:00:00.000Z",
"dateReserved": "2018-09-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:54:09.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19108 (GCVE-0-2018-19108)
Vulnerability from cvelistv5 – Published: 2018-11-08 00:00 – Updated: 2024-08-05 11:30
VLAI?
EPSS
Summary
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/426"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/518"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"url": "https://github.com/Exiv2/exiv2/issues/426"
},
{
"url": "https://github.com/Exiv2/exiv2/pull/518"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19108",
"datePublished": "2018-11-08T00:00:00.000Z",
"dateReserved": "2018-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4868 (GCVE-0-2018-4868)
Vulnerability from cvelistv5 – Published: 2018-01-03 09:00 – Updated: 2024-08-05 05:18
VLAI?
EPSS
Summary
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:18:27.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/202"
},
{
"name": "102477",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102477"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/202"
},
{
"name": "102477",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102477"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/202",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/202"
},
{
"name": "102477",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102477"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-4868",
"datePublished": "2018-01-03T09:00:00.000Z",
"dateReserved": "2018-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:18:27.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11037 (GCVE-0-2018-11037)
Vulnerability from cvelistv5 – Published: 2018-05-14 03:00 – Updated: 2024-08-05 07:54
VLAI?
EPSS
Summary
In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/307"
},
{
"name": "GLSA-201811-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-14"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/307"
},
{
"name": "GLSA-201811-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-14"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/307",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/307"
},
{
"name": "GLSA-201811-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-14"
},
{
"name": "RHSA-2019:2101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11037",
"datePublished": "2018-05-14T03:00:00.000Z",
"dateReserved": "2018-05-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:54:36.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13114 (GCVE-0-2019-13114)
Vulnerability from cvelistv5 – Published: 2019-06-30 00:00 – Updated: 2024-08-04 23:41
VLAI?
EPSS
Summary
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/793"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/815"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "FEDORA-2019-60553d5a18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/793"
},
{
"url": "https://github.com/Exiv2/exiv2/pull/815"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "FEDORA-2019-60553d5a18",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
},
{
"url": "https://support.f5.com/csp/article/K45429077?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13114",
"datePublished": "2019-06-30T00:00:00.000Z",
"dateReserved": "2019-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20421 (GCVE-0-2019-20421)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:22 – Updated: 2024-08-05 02:39
VLAI?
EPSS
Summary
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/1011"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8"
},
{
"name": "USN-4270-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4270-1/"
},
{
"name": "DSA-4958",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4958"
},
{
"name": "[debian-lts-announce] 20210830 [SECURITY] [DLA 2750-1] exiv2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T04:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/1011"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8"
},
{
"name": "USN-4270-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4270-1/"
},
{
"name": "DSA-4958",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4958"
},
{
"name": "[debian-lts-announce] 20210830 [SECURITY] [DLA 2750-1] exiv2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/1011",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/1011"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8"
},
{
"name": "USN-4270-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4270-1/"
},
{
"name": "DSA-4958",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4958"
},
{
"name": "[debian-lts-announce] 20210830 [SECURITY] [DLA 2750-1] exiv2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20421",
"datePublished": "2020-01-27T04:22:10.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17229 (GCVE-0-2018-17229)
Vulnerability from cvelistv5 – Published: 2018-09-19 22:00 – Updated: 2024-08-05 10:47
VLAI?
EPSS
Summary
Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:03.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/453"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T23:06:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/453"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/453",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/453"
},
{
"name": "openSUSE-SU-2020:0482",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17229",
"datePublished": "2018-09-19T22:00:00.000Z",
"dateReserved": "2018-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:47:03.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10772 (GCVE-0-2018-10772)
Vulnerability from cvelistv5 – Published: 2018-05-07 02:00 – Updated: 2024-08-05 07:46
VLAI?
EPSS
Summary
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566260"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566260"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1566260",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566260"
},
{
"name": "RHSA-2019:2101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10772",
"datePublished": "2018-05-07T02:00:00.000Z",
"dateReserved": "2018-05-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:46:47.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9143 (GCVE-0-2019-9143)
Vulnerability from cvelistv5 – Published: 2019-02-25 15:00 – Updated: 2024-08-04 21:38
VLAI?
EPSS
Summary
An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/711"
},
{
"name": "107161",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107161"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-27T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/711"
},
{
"name": "107161",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107161"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/"
},
{
"name": "https://github.com/Exiv2/exiv2/issues/711",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/711"
},
{
"name": "107161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107161"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9143",
"datePublished": "2019-02-25T15:00:00.000Z",
"dateReserved": "2019-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:38:46.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9303 (GCVE-0-2018-9303)
Vulnerability from cvelistv5 – Published: 2018-04-04 21:00 – Updated: 2024-08-05 07:17
VLAI?
EPSS
Summary
In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:52.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md"
},
{
"name": "GLSA-201811-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md"
},
{
"name": "GLSA-201811-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md"
},
{
"name": "GLSA-201811-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9303",
"datePublished": "2018-04-04T21:00:00.000Z",
"dateReserved": "2018-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:52.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13109 (GCVE-0-2019-13109)
Vulnerability from cvelistv5 – Published: 2019-06-30 22:20 – Updated: 2024-08-04 23:41
VLAI?
EPSS
Summary
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/790"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/795"
},
{
"name": "FEDORA-2019-60553d5a18",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T02:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/790"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/795"
},
{
"name": "FEDORA-2019-60553d5a18",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/790",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/790"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/795",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/pull/795"
},
{
"name": "FEDORA-2019-60553d5a18",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13109",
"datePublished": "2019-06-30T22:20:02.000Z",
"dateReserved": "2019-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13111 (GCVE-0-2019-13111)
Vulnerability from cvelistv5 – Published: 2019-06-30 22:20 – Updated: 2024-08-04 23:41
VLAI?
EPSS
Summary
A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/791"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/797"
},
{
"name": "FEDORA-2019-60553d5a18",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T02:06:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/791"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/797"
},
{
"name": "FEDORA-2019-60553d5a18",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/791",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/791"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/797",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/pull/797"
},
{
"name": "FEDORA-2019-60553d5a18",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13111",
"datePublished": "2019-06-30T22:20:54.000Z",
"dateReserved": "2019-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20097 (GCVE-0-2018-20097)
Vulnerability from cvelistv5 – Published: 2018-12-12 00:00 – Updated: 2024-08-05 11:51
VLAI?
EPSS
Summary
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
},
{
"name": "FEDORA-2019-c9cbbbb5c0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
},
{
"name": "FEDORA-2019-c9cbbbb5c0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20097",
"datePublished": "2018-12-12T00:00:00.000Z",
"dateReserved": "2018-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:51:18.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17282 (GCVE-0-2018-17282)
Vulnerability from cvelistv5 – Published: 2018-09-20 20:00 – Updated: 2024-08-05 10:47
VLAI?
EPSS
Summary
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:03.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/457"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T23:06:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/457"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "openSUSE-SU-2020:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/457",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/457"
},
{
"name": "RHSA-2019:2101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"name": "openSUSE-SU-2020:0482",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17282",
"datePublished": "2018-09-20T20:00:00.000Z",
"dateReserved": "2018-09-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:47:03.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13113 (GCVE-0-2019-13113)
Vulnerability from cvelistv5 – Published: 2019-06-30 22:21 – Updated: 2024-08-04 23:41
VLAI?
EPSS
Summary
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/841"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/842"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "FEDORA-2019-60553d5a18",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T02:06:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/841"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/842"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "FEDORA-2019-60553d5a18",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/841",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/841"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/842",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/pull/842"
},
{
"name": "USN-4056-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "FEDORA-2019-60553d5a18",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13113",
"datePublished": "2019-06-30T22:21:47.000Z",
"dateReserved": "2019-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18005 (GCVE-0-2017-18005)
Vulnerability from cvelistv5 – Published: 2017-12-31 19:00 – Updated: 2024-09-17 02:01
VLAI?
EPSS
Summary
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:49.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/168"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/168"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18005",
"datePublished": "2017-12-31T19:00:00.000Z",
"dateReserved": "2017-12-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:01:44.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18915 (GCVE-0-2018-18915)
Vulnerability from cvelistv5 – Published: 2018-11-03 04:00 – Updated: 2024-08-05 11:23
VLAI?
EPSS
Summary
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/511"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/511"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/511",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/511"
},
{
"name": "RHSA-2019:2101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18915",
"datePublished": "2018-11-03T04:00:00.000Z",
"dateReserved": "2018-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:23:08.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13112 (GCVE-0-2019-13112)
Vulnerability from cvelistv5 – Published: 2019-06-30 00:00 – Updated: 2024-08-04 23:41
VLAI?
EPSS
Summary
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/845"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/846"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "FEDORA-2019-60553d5a18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/845"
},
{
"url": "https://github.com/Exiv2/exiv2/pull/846"
},
{
"name": "USN-4056-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4056-1/"
},
{
"name": "FEDORA-2019-60553d5a18",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13112",
"datePublished": "2019-06-30T00:00:00.000Z",
"dateReserved": "2019-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14338 (GCVE-0-2018-14338)
Vulnerability from cvelistv5 – Published: 2018-07-17 12:00 – Updated: 2024-09-16 18:55
VLAI?
EPSS
Summary
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:21:41.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-17T12:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/382",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14338",
"datePublished": "2018-07-17T12:00:00.000Z",
"dateReserved": "2018-07-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:55:29.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20099 (GCVE-0-2018-20099)
Vulnerability from cvelistv5 – Published: 2018-12-12 08:00 – Updated: 2024-08-05 11:51
VLAI?
EPSS
Summary
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:19.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
},
{
"name": "FEDORA-2019-c9cbbbb5c0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
},
{
"name": "FEDORA-2019-c9cbbbb5c0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/"
},
{
"name": "RHSA-2019:2101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/590",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
},
{
"name": "FEDORA-2019-c9cbbbb5c0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/"
},
{
"name": "RHSA-2019:2101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20099",
"datePublished": "2018-12-12T08:00:00.000Z",
"dateReserved": "2018-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:51:19.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…