exiv2

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Exif, Iptc and XMP metadata manipulation library and tools
Version 0.26-2 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-614 0.26-2 Low Vulnerable
AVG-360 0.26-2 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2017-17725 AVG-614 Low No Denial of service
In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can...
CVE-2017-17724 AVG-614 Low No Denial of service
In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp. Remote attackers can exploit this...
CVE-2017-17723 AVG-614 Low No Denial of service
In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability...
CVE-2017-17722 AVG-614 Low No Denial of service
In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a...
CVE-2017-11592 AVG-360 Medium Yes Denial of service
There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of...
CVE-2017-11591 AVG-360 Medium No Denial of service
There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
CVE-2017-11553 AVG-360 Medium Yes Denial of service
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.