CVE-2021-29464

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Exiv2 versions v0.27.3 and earlier

Description A heap buffer overflow was found in Exiv2 when used to write metadata into a crafted image file. This could potentially allow an attacker to gain code execution if they can trick the victim into running Exiv2 on a crafted image file. The bug is only triggered when writing metadata, which is a less frequently used operation than reading metadata. For example, to trigger the bug in the Exiv2 command-line application, an extra command-line argument such as insert is needed.

Recommendations For Exiv2 versions v0.27.3 and earlier, update to version v0.27.4 to resolve the issue. As a temporary workaround, consider avoiding the use of the insert command-line argument or any other operation that triggers metadata writing until the update is applied. Restrict access to potentially crafted image files to minimize the risk of exploitation.

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALSA-2021:4173

ALT-PU-2021-2006

ALT-PU-2024-13399

AZL-7209

BDU:2025-00326

CESA-2021_4173

CVE-2021-29464

GHSA-JGM9-5FW5-PW9P

MGASA-2021-0240

OESA-2021-1183

RHSA-2021:4173

RHSA-2021_4173

RLSA-2021:4173

USN-4964-1

Affected Products

Alt Linux

Almalinux

Centos

Exiv2

Linuxmint

Red Hat

Red Os

Rocky Linux

Ubuntu

CVE-2021-29464

Weakness Enumeration

Related Identifiers

Affected Products

References · 67