Lucene search
Veracode Vulnerability DatabaseVERACODE:30361HistoryMay 06, 2021 - 7:12 a.m.
Buffer Overflow
2021-05-0607:12:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
exiv2
buffer overflow
input validation
jp2image
readmetadata
jpg image
heap-based
malicious exif data
EPSS
0.006
Percentile
77.9%
exiv2 is vulnerable to buffer overflow. The vulnerability exists due to improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
References
bugzilla.redhat.com/show_bug.cgi?id=1946314
lists.debian.org/debian-lts-announce/2021/08/msg00028.html
lists.fedoraproject.org/archives/list/[email protected]/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/
lists.fedoraproject.org/archives/list/[email protected]/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.13/community.yaml
www.debian.org/security/2021/dsa-4958
Related
cbl_mariner
cbl_mariner
CVE-2021-3482 affecting package exiv2 for versions less than 0.27.5-1
2022-06-25 20:53:09
osv
osv
CVE-2021-3482
2021-04-08 23:15:12
exiv2 vulnerabilities
2021-05-10 18:07:19
exiv2 - security update
2021-08-30 00:00:00
nvd
nvd
CVE-2021-3482
2021-04-08 23:15:12
redhatcve
redhatcve
CVE-2021-3482
2021-04-05 20:03:59
cvelist
cvelist
CVE-2021-3482
2021-04-08 22:06:42
ubuntucve
ubuntucve
CVE-2021-3482
2021-04-08 00:00:00
prion
prion
Heap overflow
2021-04-08 23:15:00
debiancve
debiancve
CVE-2021-3482
2021-04-08 23:15:12
alpinelinux
alpinelinux
CVE-2021-3482
2021-04-08 23:15:12
cve
cve
CVE-2021-3482
2021-04-08 23:15:12
ubuntu
ubuntu
Exiv2 vulnerabilities
2021-05-10 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4941-1)
2021-05-11 00:00:00
Debian: Security Advisory (DLA-2750-1)
2021-08-31 00:00:00
Debian: Security Advisory (DSA-4958-1)
2021-08-15 00:00:00
nessus
nessus
Debian DSA-4958-1 : exiv2 - security update
2021-08-14 00:00:00
EulerOS 2.0 SP5 : exiv2 (EulerOS-SA-2021-2327)
2021-09-07 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: exiv2-0.27.3-6.fc33
2021-05-14 21:12:27
[SECURITY] Fedora 34 Update: exiv2-0.27.3-6.fc34
2021-05-04 01:01:31
debian
debian
[SECURITY] [DSA 4958-1] exiv2 security update
2021-08-13 20:53:51
[SECURITY] [DLA 2750-1] exiv2 security update
2021-08-30 03:03:59
archlinux
archlinux
[ASA-202106-54] exiv2: multiple issues
2021-06-22 00:00:00
freebsd
freebsd
Exiv2 -- Multiple vulnerabilities
2021-04-25 00:00:00
mageia
mageia
Updated exiv2 packages fix security vulnerabilities
2021-06-08 19:46:03
rocky
rocky
exiv2 security, bug fix, and enhancement update
2021-11-09 08:31:22
almalinux
almalinux
Moderate: exiv2 security, bug fix, and enhancement update
2021-11-09 08:31:22
redhat
redhat
(RHSA-2021:4173) Moderate: exiv2 security, bug fix, and enhancement update
2021-11-09 08:31:22