There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-07-17
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-07-17
There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-07-17
There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-07-17
There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
CVSS Score
7.5
EPSS Score
0.007
Published
2017-06-26
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-05-26
Page 9