PT-2021-14347 · Unknown · Kamadak-Exif
Vendor: Kamadak · Published 2021-01-04 · Updated 2022-10-19 · CVE-2021-21235
CVSS v3.1: 5.7 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
kamadak-exif version 0.5.2
Description:
The issue is an infinite loop when parsing crafted PNG files, specifically in the `Reader::read_from_container` function. This can lead to a denial-of-service (DoS) condition when the function is used with untrusted data. Applications that do not pass files with the PNG signature to `Reader::read_from_container` are not affected.
Recommendations:
For kamadak-exif version 0.5.2, update to version 0.5.3 to resolve the issue.
As a temporary workaround, consider avoiding the use of `Reader::read_from_container` with crafted PNG files until a patch is available.
Restrict access to `Reader::read_from_container` to minimize the risk of exploitation.
Fix
Infinite Loop
Resource Exhaustion
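The advisory's own mitigation is simple to state: PNG input must not reach `Reader::read_from_container` on the affected crate version. The following added example (written for this page, not code from the advisory or from the kamadak-exif project) implements that gate in Rust. It checks the eight-byte PNG signature before the parser is ever called and refuses PNG input when the linked crate version is the one the advisory lists as affected. The `crate_is_vulnerable` helper and the version string passed to `gate` are assumptions; in a real build you would take the version from Cargo metadata. The sample byte strings in `main` are constructed for illustration.

```rust
// Added example, not part of the advisory or the kamadak-exif crate.
// Gate EXIF container parsing on the PNG file signature so that, with the
// affected crate version, PNG data never reaches Reader::read_from_container.

use std::fmt;

/// Eight-byte PNG file signature, as defined by the PNG specification.
pub const PNG_SIGNATURE: [u8; 8] = [0x89, b'P', b'N', b'G', 0x0D, 0x0A, 0x1A, 0x0A];

/// Container kinds the workaround distinguishes.
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum Container {
    Png,
    Other,
}

/// Reasons the gate refuses to hand data to the parser.
#[derive(Debug, PartialEq, Eq)]
pub enum GateError {
    /// Input is a PNG and the linked crate version is affected.
    PngBlocked,
    /// Input is too short to carry any container signature.
    TooShort,
}

impl fmt::Display for GateError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            GateError::PngBlocked => write!(f, "PNG input blocked: affected kamadak-exif version"),
            GateError::TooShort => write!(f, "input shorter than a container signature"),
        }
    }
}

/// True when `data` begins with the PNG signature.
pub fn has_png_signature(data: &[u8]) -> bool {
    data.starts_with(&PNG_SIGNATURE)
}

/// Classify the container by its leading bytes.
pub fn classify(data: &[u8]) -> Container {
    if has_png_signature(data) {
        Container::Png
    } else {
        Container::Other
    }
}

/// Assumed version check: 0.5.2 is the only version the advisory lists as
/// affected. A real build would read the version from Cargo metadata.
pub fn crate_is_vulnerable(version: &str) -> bool {
    version == "0.5.2"
}

/// Decide whether `data` may be passed to Reader::read_from_container.
/// Returns the detected container kind when the call is safe to make.
pub fn gate(data: &[u8], exif_crate_version: &str) -> Result<Container, GateError> {
    if data.len() < PNG_SIGNATURE.len() {
        return Err(GateError::TooShort);
    }
    let kind = classify(data);
    if kind == Container::Png && crate_is_vulnerable(exif_crate_version) {
        return Err(GateError::PngBlocked);
    }
    Ok(kind)
}

fn main() {
    // Constructed sample inputs: a PNG signature followed by an IHDR chunk
    // header, and the start of a JPEG file with an APP1 (Exif) marker.
    let mut png = PNG_SIGNATURE.to_vec();
    png.extend_from_slice(&[0, 0, 0, 13, b'I', b'H', b'D', b'R']);
    let jpeg = [0xFF, 0xD8, 0xFF, 0xE1, 0x00, 0x10, b'E', b'x', b'i', b'f', 0, 0];

    for (name, bytes) in [("png", &png[..]), ("jpeg", &jpeg[..])] {
        match gate(bytes, "0.5.2") {
            // This is where the real call to Reader::read_from_container would go.
            Ok(kind) => println!("{}: {:?} -> safe to call read_from_container", name, kind),
            Err(e) => println!("{}: refused ({})", name, e),
        }
    }
}
```

The gate is deliberately placed in front of the parser rather than around it: an infinite loop cannot be interrupted from inside the same thread, so the only reliable mitigation short of upgrading is to keep the triggering input kind away from the vulnerable function entirely.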
Affected Products
Kamadak-Exif