PT-2021-7927 · Exiv2

Kevinbackhouse · Published 2021-08-09 · Updated 2025-01-10 · CVE-2021-37616

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Exiv2 versions v0.27.4 and earlier

Description

A null pointer dereference was found in Exiv2, which can be triggered when printing the metadata of a crafted image file. This can potentially be exploited by an attacker to cause a denial of service if they can trick the victim into running Exiv2 on a crafted image file. The bug is only triggered when printing the interpreted (translated) data, which requires an extra command line option (-p t or -P t).

Recommendations

For Exiv2 versions v0.27.4 and earlier, update to version v0.27.5 to resolve the issue. As a temporary workaround, consider avoiding the use of the -p t or -P t command line options to minimize the risk of exploitation.

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3110
ALT-PU-2021-3499
ALT-PU-2024-13399
AZL-7219
BDU:2023-05488
CVE-2021-37616
GHSA-54F7-VVJ7-545W
MGASA-2021-0415
OESA-2021-1451
OESA-2022-1955
OESA-2022-2044
USN-5043-1

Affected Products

Alt Linux
Exiv2
Linuxmint
Red Os
Ubuntu