exiv2

Description Exif, Iptc and XMP metadata manipulation library and tools
Version 0.27.4-2 [extra]

Open

Group | Affected | Fixed | Severity | Status | Ticket
AVG-2265 | 0.27.4-2 | | Low | Vulnerable |

Issue | Group | Severity | Remote | Type | Description
CVE-2021-37623 | AVG-2265 | Low | Yes | Denial of service | An infinite loop was found in Exiv2 versions 0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image...
CVE-2021-37622 | AVG-2265 | Low | Yes | Denial of service | An infinite loop was found in Exiv2 versions 0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image...
CVE-2021-37621 | AVG-2265 | Low | Yes | Denial of service | An infinite loop was found in Exiv2 versions 0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image...
CVE-2021-37620 | AVG-2265 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 versions 0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a...
CVE-2021-37619 | AVG-2265 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 versions 0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a...
CVE-2021-37618 | AVG-2265 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 versions 0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a...
CVE-2021-37616 | AVG-2265 | Low | Yes | Denial of service | A null pointer dereference was found in Exiv2 versions 0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the...
CVE-2021-37615 | AVG-2265 | Low | Yes | Denial of service | A null pointer dereference was found in Exiv2 versions 0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the...
CVE-2021-34335 | AVG-2265 | Low | Yes | Denial of service | A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions 0.27.4 and earlier. The FPE is triggered when Exiv2 is used to...
CVE-2021-34334 | AVG-2265 | Low | Yes | Denial of service | An infinite loop is triggered when Exiv2 version 0.27.4 and earlier is used to read the metadata of a crafted image file. An attacker could potentially...
CVE-2021-32815 | AVG-2265 | Low | Yes | Denial of service | An assertion failure was found in Exiv2 versions 0.27.4 and earlier. The assertion failure is triggered when Exiv2 is used to modify the metadata of a...
CVE-2020-18898 | AVG-2265 | Low | Yes | Denial of service | A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DoS) via a crafted file.
CVE-2020-18774 | AVG-2265 | Low | Yes | Denial of service | A floating point exception in the printLong function in tags_int.cpp of Exiv2 allows attackers to cause a denial of service (DoS) via a crafted TIF file.
CVE-2020-18773 | AVG-2265 | Low | Yes | Denial of service | An invalid memory access in the decode function in iptc.cpp of Exiv2 allows attackers to cause a denial of service (DoS) via a crafted TIF file.

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-1772 | 0.27.3-1 | 0.27.4-1 | Low | Fixed |
AVG-614 | 0.26-2 | 0.27.1-1 | Medium | Fixed |
AVG-360 | 0.26-2 | 0.27.1-1 | Medium | Fixed |

Issue | Group | Severity | Remote | Type | Description
CVE-2021-32617 | AVG-1772 | Low | Yes | Denial of service | An inefficient algorithm (quadratic complexity) was found in Exiv2 before version 0.27.4. The inefficient algorithm is triggered when Exiv2 is used to write...
CVE-2021-29623 | AVG-1772 | Low | Yes | Information disclosure | A read of uninitialized memory was found in Exiv2 before version 0.27.4. The read of uninitialized memory is triggered when Exiv2 is used to read the...
CVE-2021-29473 | AVG-1772 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 before version 0.27.4. An attacker could potentially exploit the vulnerability to cause a denial of service by...
CVE-2021-29470 | AVG-1772 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 before version 0.27.4. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted...
CVE-2021-29464 | AVG-1772 | Low | Yes | Arbitrary code execution | A heap buffer overflow was found in Exiv2 before version 0.27.4. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image...
CVE-2021-29463 | AVG-1772 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 before version 0.27.4. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted...
CVE-2021-29458 | AVG-1772 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 before version 0.27.4. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted...
CVE-2021-29457 | AVG-1772 | Low | Yes | Arbitrary code execution | A heap buffer overflow was found in Exiv2 before version 0.27.4. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image...
CVE-2021-3482 | AVG-1772 | Low | Yes | Arbitrary code execution | A security issue was found in Exiv2 in versions before version 0.27.4. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in...
CVE-2020-18771 | AVG-614 | Medium | Yes | Information disclosure | Exiv2 before version 0.27.1 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an...
CVE-2017-17725 | AVG-614 | Low | No | Denial of service | In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can...
CVE-2017-17724 | AVG-614 | Low | No | Denial of service | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp. Remote attackers can exploit this...
CVE-2017-17723 | AVG-614 | Low | No | Denial of service | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability...
CVE-2017-17722 | AVG-614 | Low | No | Denial of service | In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a...
CVE-2017-11592 | AVG-360 | Medium | Yes | Denial of service | There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of...
CVE-2017-11591 | AVG-360 | Medium | No | Denial of service | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
CVE-2017-11553 | AVG-360 | Medium | Yes | Denial of service | There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.

Advisories

Date | Advisory | Group | Severity | Type
22 Jun 2021 | ASA-202106-54 | AVG-1772 | Low | multiple issues