PT-2021-7926 · Exiv2+9 · Exiv2+9

Kevinbackhouse

·

Published

2021-08-08

·

Updated

2025-01-10

·

CVE-2021-37618

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Exiv2 versions v0.27.4 and earlier
Description An out-of-bounds read was found in Exiv2, a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file, specifically when printing the image ICC profile using the extra command line option -p C. An attacker could potentially exploit this issue to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file.
Recommendations For Exiv2 versions v0.27.4 and earlier, update to version v0.27.5 to resolve the issue. As a temporary workaround, consider avoiding the use of the -p C command line option to minimize the risk of exploitation. Restrict access to crafted image files to prevent potential attacks.

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2021:4173
ALSA-2021:4319
ALT-PU-2021-3110
ALT-PU-2021-3499
ALT-PU-2024-13399
AZL-7220
BDU:2023-05487
CESA-2021_4173
CESA-2021_4319
CVE-2021-37618
GHSA-583F-W9PM-99R2
MGASA-2021-0415
OESA-2021-1451
OESA-2022-1955
OESA-2022-2044
OPENSUSE-SU-2022_3598-1
RHSA-2021:4173
RHSA-2021:4319
RHSA-2021_4173
RHSA-2021_4319
RLSA-2021:4173
RLSA-2021:4319
SUSE-SU-2022:3598-1
USN-5043-1

Affected Products

Alt Linux
Almalinux
Centos
Exiv2
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu