PT-2021-4547 · Exiv2+9
Guilherme De Almeida Suckevicz +1
Published: 2021-04-05 · Updated: 2025-01-10
CVE-2021-3482
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Exiv2 versions prior to 0.27.4-RC1
Description
The issue is related to the Jp2Image::readMetadata() function in the jp2image.cpp component of the Exiv2 library, which is used for managing media file metadata. The problem arises from improper input validation of the rawData.size property. This can lead to a heap-based buffer overflow when a specially crafted JPG image containing malicious EXIF data is processed. As a result, a remote attacker could potentially gain access to confidential data and cause a denial of service.
Recommendations
For Exiv2 versions prior to 0.27.4-RC1, consider updating to a version later than 0.27.4-RC1 to resolve the issue.
As a temporary workaround, consider restricting the use of the Jp2Image::readMetadata() function in jp2image.cpp until a patch is available.
Avoid using the rawData.size property in the affected Jp2Image::readMetadata() function until the issue is resolved.
Fix
Buffer Overflow
RCE
Memory Corruption
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Exiv2
Linuxmint
Red Hat
Red Os
Rocky Linux
Ubuntu