CVE-2021-29458

Published: 19 April 2021

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
exiv2 Launchpad, Ubuntu, Debian	bionic	Released (0.25-3.1ubuntu0.18.04.7)
	focal	Released (0.27.2-8ubuntu2.2)
	groovy	Released (0.27.3-3ubuntu0.2)
	jammy	Released (0.27.3-3ubuntu2)
	impish	Released (0.27.3-3ubuntu2)
	trusty	Does not exist
	upstream	Needs triage
	hirsute	Released (0.27.3-3ubuntu1.1)
	xenial	Released (0.25-2.1ubuntu16.04.7+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	Patches: upstream: https://github.com/Exiv2/exiv2/pull/1536/commits/9b7a19f957af53304655ed1efe32253a1b11a8d0

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Bugs

https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1923479

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›