exiv2
PyPI | 12 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting exiv2
- CVE-2017-9239 | MEDIUM | CVSS 6.5 | EG 6.5 | 2017-05-26
vulnerable: 0.1 ... 0.17.5 (28 versions)
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a …
- CVE-2018-20096 | MEDIUM | CVSS 6.5 | 2018-12-12
vulnerable: 0.1 ... 0.17.5 (28 versions)
There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
- CVE-2018-20097 | MEDIUM | CVSS 6.5 | 2018-12-12
vulnerable: 0.1 ... 0.17.5 (28 versions)
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
- CVE-2018-20098 | MEDIUM | CVSS 6.5 | 2018-12-12
vulnerable: 0.1 ... 0.17.5 (28 versions)
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
- CVE-2018-20099 | MEDIUM | CVSS 6.5 | 2018-12-12
vulnerable: 0.1 ... 0.17.5 (28 versions)
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
- CVE-2019-13114 | MEDIUM | CVSS 6.5 | 2019-06-30
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
- CVE-2020-18831 | HIGH | CVSS 7.8 | EG 7.8 | 2023-08-22
vulnerable: 0.1 ... 0.17.5 (28 versions)
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.
- CVE-2020-18899 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-08-19
vulnerable: 0.1 ... 0.17.5 (28 versions)
An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.
- CVE-2021-31292 | HIGH | CVSS 7.5 | EG 7.5 | 2021-07-26
vulnerable: 0.1 ... 0.17.5 (28 versions)
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.
- CVE-2023-44398 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in e884a0955359107f4031c74a07406df7e99929a5 | 2023-11-06
vulnerable: 0.1 ... 0.17.5 (28 versions)
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, …
- CVE-2024-24826 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 0.16.1 | 2024-02-12
vulnerable: 0.16.0
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder…
- CVE-2024-25112 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 0.16.1 | 2024-02-12
vulnerable: 0.16.0
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhaustin…