PT-2021-7715 · Exiv2+9

Henices +1 · Published 2021-04-08 · Updated 2025-01-10 · CVE-2021-29458

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Exiv2 versions v0.27.3 and earlier

Description

The issue is related to an out-of-bounds read in the Exiv2 library, which can be triggered when writing metadata into a crafted image file. This could potentially allow a remote attacker to cause a denial of service by crashing Exiv2 if they can trick the victim into running Exiv2 on a crafted image file. The bug is less frequently triggered since it occurs during metadata writing, a less common operation than reading metadata.

Recommendations

For Exiv2 versions v0.27.3 and earlier, update to version v0.27.4 to resolve the issue. As a temporary workaround, consider avoiding the use of the metadata writing functionality in Exiv2 until the update is applied.

Exploit

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2021:4173
ALT-PU-2021-2006
ALT-PU-2024-13399
AZL-7207
BDU:2023-01697
CESA-2021_4173
CVE-2021-29458
DLA-3265-1
GHSA-57JJ-75FM-9RQ5
MGASA-2021-0240
OESA-2021-1183
OPENSUSE-SU-2024:12591-1
RHSA-2021:4173
RHSA-2021_4173
RLSA-2021:4173
USN-4941-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Exiv2
Linux Mint
Red Hat
RED OS
Rocky Linux
Ubuntu