Information on source package exiv2

Available versions

ReleaseVersion
jessie0.24-4.1
stretch0.25-3.1
buster0.25-3.1
sid0.25-3.1

Open issues

BugjessiestretchbustersidDescription
CVE-2018-9145undeterminedundeterminedundeterminedundeterminedIn the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an ...
CVE-2018-9144vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableIn Exiv2 0.26, there is an out-of-bounds read in ...
CVE-2018-8976vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableIn Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...
CVE-2018-12265vulnerablevulnerablevulnerablevulnerableExiv2 0.26 has an integer overflow in the LoaderExifJpeg class in ...
CVE-2018-12264vulnerablevulnerablevulnerablevulnerableExiv2 0.26 has integer overflows in LoaderTiff::getData() in ...
CVE-2018-11531vulnerablevulnerablevulnerablevulnerableExiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. ...
CVE-2018-11037vulnerablevulnerablevulnerablevulnerableIn Exiv2 0.26, the Exiv2::PngImage::printStructure function in ...
CVE-2018-10999vulnerablevulnerablevulnerablevulnerableAn issue was discovered in Exiv2 0.26. The ...
CVE-2018-10998vulnerablevulnerablevulnerablevulnerableAn issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp ...
CVE-2018-10958vulnerablevulnerablevulnerablevulnerableIn types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT ...
CVE-2018-10780undeterminedundeterminedundeterminedundeterminedExiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based ...
CVE-2017-9239vulnerable (no DSA, ignored)fixedfixedfixedAn issue was discovered in Exiv2 0.26. When the data structure of the ...
CVE-2017-18005vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableExiv2 0.26 has a Null Pointer Dereference in the ...
CVE-2017-17725vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableIn Exiv2 0.26, there is an integer overflow leading to a heap-based ...
CVE-2017-17723vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableIn Exiv2 0.26, there is a heap-based buffer over-read in the ...
CVE-2017-17669vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableThere is a heap-based buffer over-read in the ...
CVE-2017-14864vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableAn Invalid memory address dereference was discovered in Exiv2::getULong ...
CVE-2017-14862vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableAn Invalid memory address dereference was discovered in ...
CVE-2017-14859vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableAn Invalid memory address dereference was discovered in ...
CVE-2017-11683vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableThere is a reachable assertion in the ...
CVE-2017-11591vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableThere is a Floating point exception in the Exiv2::ValueType function in ...
CVE-2017-1000128vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableExiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...

Resolved issues

BugDescription
CVE-2018-9305In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in ...
CVE-2018-9304In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in ...
CVE-2018-9303In Exiv2 0.26, an assertion failure in BigTiffImage::readData in ...
CVE-2018-8977In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in ...
CVE-2018-5772In Exiv2 0.26, there is a segmentation fault caused by uncontrolled ...
CVE-2018-4868The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 ...
CVE-2018-10772The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows ...
CVE-2017-9953There is an invalid free in Image::printIFDStructure that leads to a ...
CVE-2017-17724In Exiv2 0.26, there is a heap-based buffer over-read in the ...
CVE-2017-17722In Exiv2 0.26, there is a reachable assertion in the readHeader ...
CVE-2017-14866There is a heap-based buffer overflow in the Exiv2::s2Data function of ...
CVE-2017-14865There is a heap-based buffer overflow in the Exiv2::us2Data function of ...
CVE-2017-14863A NULL pointer dereference was discovered in ...
CVE-2017-14861There is a stack consumption vulnerability in the ...
CVE-2017-14860There is a heap-based buffer over-read in the ...
CVE-2017-14858There is a heap-based buffer overflow in the Exiv2::l2Data function of ...
CVE-2017-14857In Exiv2 0.26, there is an invalid free in the Image class in image.cpp ...
CVE-2017-12957There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that ...
CVE-2017-12956There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...
CVE-2017-12955There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The ...
CVE-2017-11592There is a Mismatched Memory Management Routines vulnerability in the ...
CVE-2017-11553There is an illegal address access in the extend_alias_table function ...
CVE-2017-11340There is a Segmentation fault in the XmpParser::terminate() function in ...
CVE-2017-11339There is a heap-based buffer overflow in the Image::printIFDStructure ...
CVE-2017-11338There is an infinite loop in the Exiv2::Image::printIFDStructure ...
CVE-2017-11337There is an invalid free in the Action::TaskFactory::cleanup function ...
CVE-2017-11336There is a heap-based buffer over-read in the Image::printIFDStructure ...
CVE-2017-1000127Exiv2 0.26 contains a heap buffer overflow in tiff parser ...
CVE-2017-1000126exiv2 0.26 contains a Stack out of bounds read in webp parser ...
CVE-2014-9449Buffer overflow in the RiffVideo::infoTagsHandler function in ...
CVE-2008-2696Exiv2 0.16 allows user-assisted remote attackers to cause a denial of ...
CVE-2007-6353Integer overflow in exif.cpp in exiv2 library allows context-dependent ...
CVE-2005-4676Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null ...

Security announcements

DSA / DLADescription
DLA-1147-1exiv2 - security update
DLA-963-1exiv2 - security update
DSA-1474-1exiv2 - arbitrary code execution

Search for package or bug name: Reporting problems