exiv2

Description Exif, Iptc and XMP metadata manipulation library and tools
Version 0.27.4-2 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1772 0.27.3-1 0.27.4-1 Low Fixed
AVG-614 0.26-2 0.27.1-1 Low Fixed
AVG-360 0.26-2 0.27.1-1 Medium Fixed

Issue Group Severity Remote Type Description
CVE-2021-32617 AVG-1772 Low Yes Denial of service
An inefficient algorithm (quadratic complexity) was found in Exiv2 before version 0.27.4. The inefficient algorithm is triggered when Exiv2 is used to write...
CVE-2021-29623 AVG-1772 Low Yes Information disclosure
A read of uninitialized memory was found in Exiv2 before version 0.27.4. The read of uninitialized memory is triggered when Exiv2 is used to read the...
CVE-2021-29473 AVG-1772 Low Yes Denial of service
An out-of-bounds read was found in Exiv2 before version 0.27.4. An attacker could potentially exploit the vulnerability to cause a denial of service by...
CVE-2021-29470 AVG-1772 Low Yes Denial of service
An out-of-bounds read was found in Exiv2 before version 0.27.4. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted...
CVE-2021-29464 AVG-1772 Low Yes Arbitrary code execution
A heap buffer overflow was found in Exiv2 before version 0.27.4. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image...
CVE-2021-29463 AVG-1772 Low Yes Denial of service
An out-of-bounds read was found in Exiv2 before version 0.27.4. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted...
CVE-2021-29458 AVG-1772 Low Yes Denial of service
An out-of-bounds read was found in Exiv2 before version 0.27.4. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted...
CVE-2021-29457 AVG-1772 Low Yes Arbitrary code execution
A heap buffer overflow was found in Exiv2 before version 0.27.4. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image...
CVE-2021-3482 AVG-1772 Low Yes Arbitrary code execution
A security issue was found in Exiv2 in versions before version 0.27.4. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in...
CVE-2017-17725 AVG-614 Low No Denial of service
In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can...
CVE-2017-17724 AVG-614 Low No Denial of service
In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp. Remote attackers can exploit this...
CVE-2017-17723 AVG-614 Low No Denial of service
In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability...
CVE-2017-17722 AVG-614 Low No Denial of service
In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a...
CVE-2017-11592 AVG-360 Medium Yes Denial of service
There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of...
CVE-2017-11591 AVG-360 Medium No Denial of service
There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
CVE-2017-11553 AVG-360 Medium Yes Denial of service
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.

Advisories

Date Advisory Group Severity Type
22 Jun 2021 ASA-202106-54 AVG-1772 Low multiple issues