U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:exiv2:exiv2:0.26:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 87 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2017-1000127

Exiv2 0.26 contains a heap buffer overflow in tiff parser

Published: November 17, 2017; 5:29:00 PM -0500
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-1000126

exiv2 0.26 contains a Stack out of bounds read in webp parser

Published: November 17, 2017; 5:29:00 PM -0500
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14866

There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.

Published: September 28, 2017; 9:34:50 PM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14865

There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.

Published: September 28, 2017; 9:34:49 PM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14864

An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Published: September 28, 2017; 9:34:49 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14863

A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Published: September 28, 2017; 9:34:49 PM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14862

An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Published: September 28, 2017; 9:34:49 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14861

There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.

Published: September 28, 2017; 9:34:49 PM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14860

There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.

Published: September 28, 2017; 9:34:49 PM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14859

An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Published: September 28, 2017; 9:34:49 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14858

There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.

Published: September 28, 2017; 9:34:49 PM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14857

In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.

Published: September 28, 2017; 9:34:49 PM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-12957

There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.

Published: August 18, 2017; 5:29:00 PM -0400
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-12956

There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.

Published: August 18, 2017; 5:29:00 PM -0400
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-12955

There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.

Published: August 18, 2017; 5:29:00 PM -0400
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-11683

There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

Published: July 27, 2017; 2:29:00 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-11592

There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.

Published: July 23, 2017; 9:29:00 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-11591

There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

Published: July 23, 2017; 9:29:00 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-11553

There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.

Published: July 22, 2017; 11:29:00 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-11340

There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack.

Published: July 17, 2017; 9:18:20 AM -0400
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM