CVE-2017-17669 CVE-2017-18005 CVE-2018-8976 CVE-2018-17581 CVE-2018-19107 CVE-2018-19108 CVE-2018-19535 CVE-2018-20097 CVE-2019-13110 CVE-2019-13112 CVE-2019-13114 CVE-2019-13504 CVE-2019-14369 CVE-2019-14370 CVE-2019-17402 CVE-2020-18771 CVE-2021-29458 CVE-2021-32815 CVE-2021-34334 CVE-2021-37620 CVE-2021-37621 CVE-2021-37622
Debian Bug : 876893 885981 886006 903813 910060 913272 913273 915135 932467 946341 987277 992705 992706
This update fixes a number of memory access violations and other input validation failures that can be triggered by passing specially crafted files to exiv2.
CVE-2017-11591
There is a floating point exception in the Exiv2::ValueType function that
leads to a remote denial of service via crafted input.
CVE-2017-14859
An invalid memory address dereference was discovered in
Exiv2::StringValueBase::read in value.cpp. The vulnerability causes a
segmentation fault and application crash, which leads to denial of service.
CVE-2017-14862
An invalid memory address dereference was discovered in
Exiv2::DataValue::read in value.cpp. The vulnerability causes a
segmentation fault and application crash, which leads to denial of service.
CVE-2017-14864
An invalid memory address dereference was discovered in Exiv2::getULong in
types.cpp. The vulnerability causes a segmentation fault and application
crash, which leads to denial of service.
CVE-2017-17669
There is a heap-based buffer over-read in the
Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A
crafted PNG file leads to a remote denial of service.
CVE-2017-18005
Exiv2 has a NULL pointer dereference in the Exiv2::DataValue::toLong
function in value.cpp, related to crafted metadata in a TIFF file.
CVE-2018-8976
jpgimage.cpp allows remote attackers to cause a denial of service...
0.25-4+deb10u4