Lucene search

K

GoogleOSV:CVE-2021-29623

HistoryMay 13, 2021 - 5:15 p.m.

CVE-2021-29623

2021-05-1317:15:07

Google

osv.dev

13

exiv2

c++

vulnerability

metadata

image files

stack memory

exploit

fix

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

32.7%

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4.

References

github.com/Exiv2/exiv2/pull/1627

github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZ5SGWHK64TB7ADRSVBGHEPDFN5CSOO3/

security.gentoo.org/glsa/202312-06

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

32.7%

Related for OSV:CVE-2021-29623

cvelist1 ubuntucve1 nvd1 debiancve1 veracode1 alpinelinux1 prion1 cbl_mariner1 redhatcve1 cve1 openvas9 nessus14 fedora4 ubuntu1 osv3 mageia1 freebsd1 archlinux1 rocky1 redhat1 almalinux1 suse1 gentoo1