PT-2021-7718 · Exiv2+6

Kevin Backhouse · Published 2021-07-11 · Updated 2025-01-10 · CVE-2021-37620

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Exiv2 versions v0.27.4 and earlier

Description

Exiv2 is a library for managing the metadata of image files. The issue is an out-of-bounds read in the library that can be triggered when it reads the metadata of a specially crafted image file. This could potentially allow a remote attacker to cause a denial of service.

Recommendations

For Exiv2 versions v0.27.4 and earlier, update to version v0.27.5 to resolve the issue.

Fix

DoS

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALT-PU-2021-3110
ALT-PU-2021-3499
ALT-PU-2024-13399
AZL-7222
BDU:2023-01704
CVE-2021-37620
DLA-3265-1
GHSA-V5G7-46XF-H728
MGASA-2021-0415
OESA-2021-1451
OESA-2022-1955
OESA-2022-2044
OPENSUSE-SU-2022_3598-1
OPENSUSE-SU-2022_3889-1
OPENSUSE-SU-2024:12381-1
SUSE-SU-2022:3598-1
SUSE-SU-2022:3889-1
SUSE-SU-2022:4252-1
USN-5043-1
USN-5043-2

Affected Products

Alt Linux
Astra Linux
Exiv2
Linuxmint
Red Os
Suse
Ubuntu