PT-2021-7922 · Exiv2+9 · Exiv2+9

Yuawn

Published

2021-05-13

Updated

2025-01-17

CVE-2021-29623

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Exiv2 versions v0.27.3 and earlier

Description A read of uninitialized memory was found in Exiv2, which is triggered when the utility is used to read the metadata of a crafted image file. This could potentially allow an attacker to leak a few bytes of stack memory if they can trick the victim into running Exiv2 on a crafted image file. The vulnerability is related to the use of an uninitialized resource and may allow an attacker to gain unauthorized access to protected information.

Recommendations For Exiv2 versions v0.27.3 and earlier, update to version v0.27.4 to resolve the issue. As a temporary workaround, consider avoiding the use of Exiv2 to read metadata from untrusted image files until the update is applied.

Fix

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908

Related Identifiers

ALSA-2021:4173

ALT-PU-2021-2006

ALT-PU-2024-13399

AZL-7212

BDU:2023-05479

CESA-2021_4173

CVE-2021-29623

GHSA-6253-QJWM-3Q4V

MGASA-2021-0240

OESA-2021-1204

OPENSUSE-SU-2022_3889-1

OPENSUSE-SU-2024:12063-1

RHSA-2021:4173

RHSA-2021_4173

RLSA-2021:4173

SUSE-SU-2022:3889-1

USN-4964-1

Affected Products

Alt Linux

Almalinux

Centos

Exiv2

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2021-7922 · Exiv2+9 · Exiv2+9

CVE-2021-29623

Weakness Enumeration

Related Identifiers

Affected Products

References · 104