PT-2021-7922 · Exiv2 +9

Yuawn · Published 2021-05-13 · Updated 2025-01-17 · CVE-2021-29623

CVSS v2.0: 4.3 (Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)

Name of the Vulnerable Software and Affected Versions:

Exiv2 versions v0.27.3 and earlier

Description:

A read of uninitialized memory was found in Exiv2; it is triggered when the utility reads the metadata of a crafted image file. An attacker who can get a victim to run Exiv2 on such a file could leak a few bytes of stack memory. The vulnerability stems from the use of an uninitialized resource and may allow an attacker to gain unauthorized access to protected information.

Recommendations:

For Exiv2 versions v0.27.3 and earlier, update to version v0.27.4 to resolve the issue. As a temporary workaround, consider avoiding the use of Exiv2 to read metadata from untrusted image files until the update is applied.

Weakness Enumeration

Use of Uninitialized Resource (CWE-908)

Related Identifiers

ALSA-2021:4173
ALT-PU-2021-2006
ALT-PU-2024-13399
BDU:2023-05479
CESA-2021_4173
CVE-2021-29623
GHSA-6253-QJWM-3Q4V
MGASA-2021-0240
OPENSUSE-SU-2022_3889-1
OPENSUSE-SU-2024:12063-1
RHSA-2021:4173
RHSA-2021_4173
RLSA-2021:4173
SUSE-SU-2022:3889-1
USN-4964-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Exiv2
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu