CVE-2021-29457

Published: 19 April 2021

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.

Priority

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package	Release	Status
exiv2 Launchpad, Ubuntu, Debian	jammy	Released (0.27.3-3ubuntu2)
	impish	Released (0.27.3-3ubuntu2)
	trusty	Does not exist
	upstream	Needs triage
	bionic	Released (0.25-3.1ubuntu0.18.04.7)
	focal	Released (0.27.2-8ubuntu2.2)
	groovy	Released (0.27.3-3ubuntu0.2)
	hirsute	Released (0.27.3-3ubuntu1.1)
	xenial	Released (0.25-2.1ubuntu16.04.7+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	Patches: upstream: https://github.com/Exiv2/exiv2/pull/1534/commits/13e5a3e02339b746abcaee6408893ca2fd8e289d

Severity score breakdown

Parameter	Value
Base score	7.8
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Bugs

https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1923479

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›