Information on source package exiv2

Available versions

ReleaseVersion
jessie0.24-4.1+deb8u6
stretch0.25-3.1+deb9u2
stretch (security)0.25-3.1+deb9u3
buster0.25-4+deb10u2
bullseye0.27.3-3+deb11u1
bookworm0.27.3-3.1
sid0.27.3-3.1

Open issues

BugjessiestretchbusterbullseyebookwormsidDescription
CVE-2021-37623vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-37622vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-37621vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-37620vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-37619vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-37618vulnerablevulnerablevulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-37616vulnerablevulnerablevulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-37615vulnerablevulnerablevulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-34335vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-34334vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-32815vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-32617vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-29623vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableExiv2 is a C++ library and a command-line utility to read, write, dele ...
CVE-2021-29473fixedfixedfixedvulnerable (no DSA)vulnerablevulnerableExiv2 is a C++ library and a command-line utility to read, write, dele ...
CVE-2021-29470fixedfixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-29464fixedfixedfixedvulnerable (no DSA)vulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-29463fixedfixedfixedvulnerable (no DSA)vulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-29458vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableExiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2021-3482fixedfixedfixedvulnerable (no DSA)vulnerablevulnerableA flaw was found in Exiv2 in versions before and including 0.27.4-RC1. ...
CVE-2020-19716undeterminedundeterminedundeterminedundeterminedundeterminedundeterminedA buffer overflow vulnerability in the Databuf function in types.cpp o ...
CVE-2020-18899vulnerablevulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedAn uncontrolled memory allocation in DataBufdata(subBox.length-sizeof( ...
CVE-2020-18771vulnerablevulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedExiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Niko ...
CVE-2019-17402fixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedExiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in ...
CVE-2019-14370fixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedIn Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage: ...
CVE-2019-14369fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedExiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 all ...
CVE-2019-13504fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedThere is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrw ...
CVE-2019-13114fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedhttp.c in Exiv2 through 0.27.1 allows a malicious http server to cause ...
CVE-2019-13112vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedA PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 ...
CVE-2019-13110vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedA CiffDirectory::readDirectory integer overflow and out-of-bounds read ...
CVE-2019-13109fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedAn integer overflow in Exiv2 through 0.27.1 allows an attacker to caus ...
CVE-2019-13108fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedAn integer overflow in Exiv2 through 0.27.1 allows an attacker to caus ...
CVE-2018-20097fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedThere is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroup ...
CVE-2018-19535fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedIn Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngch ...
CVE-2018-19108fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedIn Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PS ...
CVE-2018-19107fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedIn Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdi ...
CVE-2018-17581fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedCiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has e ...
CVE-2018-11037fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedIn Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimag ...
CVE-2018-9144vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedIn Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::bina ...
CVE-2018-8976vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedIn Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...
CVE-2017-18005vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedExiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toL ...
CVE-2017-17669vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedThere is a heap-based buffer over-read in the Exiv2::Internal::PngChun ...
CVE-2017-14864vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedAn Invalid memory address dereference was discovered in Exiv2::getULon ...
CVE-2017-14862vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedAn Invalid memory address dereference was discovered in Exiv2::DataVal ...
CVE-2017-14859vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedAn Invalid memory address dereference was discovered in Exiv2::StringV ...
CVE-2017-11591vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedThere is a Floating point exception in the Exiv2::ValueType function i ...
CVE-2017-9239vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedAn issue was discovered in Exiv2 0.26. When the data structure of the ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormsidDescription
CVE-2020-18898vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableA stack exhaustion issue in the printIFDStructure function of Exiv2 0. ...
CVE-2020-18774vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableA float point exception in the printLong function in tags_int.cpp of E ...
CVE-2020-18773vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableAn invalid memory access in the decode function in iptc.cpp of Exiv2 0 ...
CVE-2019-13113vulnerablevulnerablevulnerablefixedfixedfixedExiv2 through 0.27.1 allows an attacker to cause a denial of service ( ...
CVE-2018-14338vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablesamples/geotag.cpp in the example code of Exiv2 0.26 misuses the realp ...
CVE-2017-11683vulnerablevulnerablevulnerablefixedfixedfixedThere is a reachable assertion in the Internal::TiffReader::visitDirec ...

Resolved issues

BugDescription
CVE-2021-31292An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows att ...
CVE-2021-31291
CVE-2021-29457Exiv2 is a command-line utility and C++ library for reading, writing, ...
CVE-2019-20421In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input ...
CVE-2019-14982In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...
CVE-2019-14368Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage:: ...
CVE-2019-13111A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 all ...
CVE-2019-9144An issue was discovered in Exiv2 0.27. There is infinite recursion at ...
CVE-2019-9143An issue was discovered in Exiv2 0.27. There is infinite recursion at ...
CVE-2018-20099There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2im ...
CVE-2018-20098There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2He ...
CVE-2018-20096There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf fun ...
CVE-2018-19607Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote att ...
CVE-2018-18915There is an infinite loop in the Exiv2::Image::printIFDStructure funct ...
CVE-2018-17282An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue: ...
CVE-2018-17230Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to ...
CVE-2018-17229Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to c ...
CVE-2018-16336Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote ...
CVE-2018-14046Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunk ...
CVE-2018-12265Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in prev ...
CVE-2018-12264Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.c ...
CVE-2018-11531Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. ...
CVE-2018-10999An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk:: ...
CVE-2018-10998An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp al ...
CVE-2018-10958In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT d ...
CVE-2018-10780Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based bu ...
CVE-2018-10772The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allow ...
CVE-2018-9305In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in ip ...
CVE-2018-9304In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffim ...
CVE-2018-9303In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigti ...
CVE-2018-9145In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issu ...
CVE-2018-8977In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonm ...
CVE-2018-5772In Exiv2 0.26, there is a segmentation fault caused by uncontrolled re ...
CVE-2018-4868The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0. ...
CVE-2017-1000128Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...
CVE-2017-1000127Exiv2 0.26 contains a heap buffer overflow in tiff parser ...
CVE-2017-1000126exiv2 0.26 contains a Stack out of bounds read in webp parser ...
CVE-2017-17725In Exiv2 0.26, there is an integer overflow leading to a heap-based bu ...
CVE-2017-17724In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Ip ...
CVE-2017-17723In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Im ...
CVE-2017-17722In Exiv2 0.26, there is a reachable assertion in the readHeader functi ...
CVE-2017-14866There is a heap-based buffer overflow in the Exiv2::s2Data function of ...
CVE-2017-14865There is a heap-based buffer overflow in the Exiv2::us2Data function o ...
CVE-2017-14863A NULL pointer dereference was discovered in Exiv2::Image::printIFDStr ...
CVE-2017-14861There is a stack consumption vulnerability in the Exiv2::Internal::str ...
CVE-2017-14860There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMet ...
CVE-2017-14858There is a heap-based buffer overflow in the Exiv2::l2Data function of ...
CVE-2017-14857In Exiv2 0.26, there is an invalid free in the Image class in image.cp ...
CVE-2017-12957There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that ...
CVE-2017-12956There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...
CVE-2017-12955There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. Th ...
CVE-2017-11592There is a Mismatched Memory Management Routines vulnerability in the ...
CVE-2017-11553There is an illegal address access in the extend_alias_table function ...
CVE-2017-11340There is a Segmentation fault in the XmpParser::terminate() function i ...
CVE-2017-11339There is a heap-based buffer overflow in the Image::printIFDStructure ...
CVE-2017-11338There is an infinite loop in the Exiv2::Image::printIFDStructure funct ...
CVE-2017-11337There is an invalid free in the Action::TaskFactory::cleanup function ...
CVE-2017-11336There is a heap-based buffer over-read in the Image::printIFDStructure ...
CVE-2017-9953There is an invalid free in Image::printIFDStructure that leads to a S ...
CVE-2014-9449Buffer overflow in the RiffVideo::infoTagsHandler function in riffvide ...
CVE-2008-2696Exiv2 0.16 allows user-assisted remote attackers to cause a denial of ...
CVE-2007-6353Integer overflow in exif.cpp in exiv2 library allows context-dependent ...
CVE-2005-4676Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null termi ...

Security announcements

DSA / DLADescription
DLA-2750-1exiv2 - security update
ELA-479-1exiv2 - security update
DSA-4958-1exiv2 - security update
DLA-2019-1exiv2 - security update
DLA-1855-1exiv2 - security update
DLA-1691-1exiv2 - security update
DLA-1551-1exiv2 - security update
DSA-4238-1exiv2 - security update
DLA-1402-1exiv2 - security update
ELA-10-1exiv2 - security update
DLA-1147-1exiv2 - security update
DLA-963-1exiv2 - security update
DSA-1474-1exiv2 - arbitrary code execution

Search for package or bug name: Reporting problems