exiv2 (SUSE:Linux Enterprise Module for Desktop Applications 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Desktop Applications 15 package exiv2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2017-12955 — CVSS 8.8 (high): There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in…
CVE-2017-11553 — CVSS 7.5 (high): There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote…
CVE-2017-11591 — CVSS 7.5 (high): There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via…
CVE-2017-11592 — CVSS 7.5 (high): There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote…
CVE-2017-11683 — CVSS 6.5 (medium): There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a…
CVE-2017-12956 — CVSS 6.5 (medium): There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote…
CVE-2017-12957 — CVSS 6.5 (medium): There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will…
CVE-2017-11337 — CVSS 6.5 (medium): There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote…
CVE-2017-11338 — CVSS 6.5 (medium): There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote…
CVE-2017-11339 — CVSS 6.5 (medium): There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a…
CVE-2017-11340 — CVSS 6.5 (medium): There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a…
CVE-2017-14859 — CVSS 5.5 (medium): An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a…
CVE-2017-14860 — CVSS 5.5 (medium): There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will…
CVE-2017-14862 — CVSS 5.5 (medium): An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a…
CVE-2017-14864 — CVSS 5.5 (medium): An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation…