exiv2 - Arch Linux
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2265 | 0.27.4-2 | | Low | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-37623 | AVG-2265 | Low | Yes | Denial of service | An infinite loop was found in Exiv2 versions 0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image... |
| CVE-2021-37622 | AVG-2265 | Low | Yes | Denial of service | An infinite loop was found in Exiv2 versions 0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image... |
| CVE-2021-37621 | AVG-2265 | Low | Yes | Denial of service | An infinite loop was found in Exiv2 versions 0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image... |
| CVE-2021-37620 | AVG-2265 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 versions 0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a... |
| CVE-2021-37619 | AVG-2265 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 versions 0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a... |
| CVE-2021-37618 | AVG-2265 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 versions 0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a... |
| CVE-2021-37616 | AVG-2265 | Low | Yes | Denial of service | A null pointer dereference was found in Exiv2 versions 0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the... |
| CVE-2021-37615 | AVG-2265 | Low | Yes | Denial of service | A null pointer dereference was found in Exiv2 versions 0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the... |
| CVE-2021-34335 | AVG-2265 | Low | Yes | Denial of service | A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions 0.27.4 and earlier. The FPE is triggered when Exiv2 is used to... |
| CVE-2021-34334 | AVG-2265 | Low | Yes | Denial of service | An infinite loop is triggered when Exiv2 version 0.27.4 and earlier is used to read the metadata of a crafted image file. An attacker could potentially... |
| CVE-2021-32815 | AVG-2265 | Low | Yes | Denial of service | An assertion failure was found in Exiv2 versions 0.27.4 and earlier. The assertion failure is triggered when Exiv2 is used to modify the metadata of a... |
| CVE-2020-18898 | AVG-2265 | Low | Yes | Denial of service | A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. |
| CVE-2020-18774 | AVG-2265 | Low | Yes | Denial of service | A float point exception in the printLong function in tags_int.cpp of Exiv2 allows attackers to cause a denial of service (DoS) via a crafted TIF file. |
| CVE-2020-18773 | AVG-2265 | Low | Yes | Denial of service | An invalid memory access in the decode function in iptc.cpp of Exiv2 allows attackers to cause a denial of service (DoS) via a crafted TIF file. |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1772 | 0.27.3-1 | 0.27.4-1 | Low | Fixed | |
| AVG-614 | 0.26-2 | 0.27.1-1 | Medium | Fixed | |
| AVG-360 | 0.26-2 | 0.27.1-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-32617 | AVG-1772 | Low | Yes | Denial of service | An inefficient algorithm (quadratic complexity) was found in Exiv2 before version 0.27.4. The inefficient algorithm is triggered when Exiv2 is used to write... |
| CVE-2021-29623 | AVG-1772 | Low | Yes | Information disclosure | A read of uninitialized memory was found in Exiv2 before version 0.27.4. The read of uninitialized memory is triggered when Exiv2 is used to read the... |
| CVE-2021-29473 | AVG-1772 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 before version 0.27.4. An attacker could potentially exploit the vulnerability to cause a denial of service by... |
| CVE-2021-29470 | AVG-1772 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 before version 0.27.4. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted... |
| CVE-2021-29464 | AVG-1772 | Low | Yes | Arbitrary code execution | A heap buffer overflow was found in Exiv2 before version 0.27.4. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image... |
| CVE-2021-29463 | AVG-1772 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 before version 0.27.4. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted... |
| CVE-2021-29458 | AVG-1772 | Low | Yes | Denial of service | An out-of-bounds read was found in Exiv2 before version 0.27.4. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted... |
| CVE-2021-29457 | AVG-1772 | Low | Yes | Arbitrary code execution | A heap buffer overflow was found in Exiv2 before version 0.27.4. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image... |
| CVE-2021-3482 | AVG-1772 | Low | Yes | Arbitrary code execution | A security issue was found in Exiv2 in versions before version 0.27.4. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in... |
| CVE-2020-18771 | AVG-614 | Medium | Yes | Information disclosure | Exiv2 before version 0.27.1 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an... |
| CVE-2017-17725 | AVG-614 | Low | No | Denial of service | In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can... |
| CVE-2017-17724 | AVG-614 | Low | No | Denial of service | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp. Remote attackers can exploit this... |
| CVE-2017-17723 | AVG-614 | Low | No | Denial of service | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability... |
| CVE-2017-17722 | AVG-614 | Low | No | Denial of service | In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a... |
| CVE-2017-11592 | AVG-360 | Medium | Yes | Denial of service | There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of... |
| CVE-2017-11591 | AVG-360 | Medium | No | Denial of service | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. |
| CVE-2017-11553 | AVG-360 | Medium | Yes | Denial of service | There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 22 Jun 2021 | ASA-202106-54 | AVG-1772 | Low | multiple issues |