Information on source package exiv2

Available versions

ReleaseVersion
wheezy0.23-1
wheezy (security)0.23-1+deb7u1
jessie0.24-4.1
stretch0.25-3.1
buster0.25-3.1
sid0.25-3.1

Open issues

BugwheezyjessiestretchbustersidDescription
CVE-2017-9239fixedvulnerable (no DSA)fixedfixedfixedAn issue was discovered in Exiv2 0.26. When the data structure of the ...
CVE-2017-12956vulnerablevulnerablevulnerablevulnerablevulnerableThere is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...
CVE-2017-12955vulnerablevulnerablevulnerablevulnerablevulnerableThere is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The ...
CVE-2017-11683vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is a reachable assertion in the ...
CVE-2017-11592vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is a Mismatched Memory Management Routines vulnerability in the ...
CVE-2017-11591vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is a Floating point exception in the Exiv2::ValueType function in ...
CVE-2017-11553vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is an illegal address access in the extend_alias_table function ...
CVE-2017-11340vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is a Segmentation fault in the XmpParser::terminate() function in ...
CVE-2017-11339vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is a heap-based buffer overflow in the Image::printIFDStructure ...
CVE-2017-11338vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is an infinite loop in the Exiv2::Image::printIFDStructure ...
CVE-2017-11337vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is an invalid free in the Action::TaskFactory::cleanup function ...
CVE-2017-11336vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThere is a heap-based buffer over-read in the Image::printIFDStructure ...

Resolved issues

BugDescription
CVE-2017-9953There is an invalid free in Image::printIFDStructure that leads to a ...
CVE-2014-9449Buffer overflow in the RiffVideo::infoTagsHandler function in ...
CVE-2008-2696Exiv2 0.16 allows user-assisted remote attackers to cause a denial of ...
CVE-2007-6353Integer overflow in exif.cpp in exiv2 library allows context-dependent ...
CVE-2005-4676Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null ...

Security announcements

DSA / DLADescription
DLA-963-1exiv2 - security update
DSA-1474-1exiv2 - arbitrary code execution

Search for package or bug name: Reporting problems