Your submission was sent successfully! Close

CVE-2021-3482

Published: 8 April 2021

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
exiv2
Launchpad, Ubuntu, Debian
bionic
Released (0.25-3.1ubuntu0.18.04.7)
focal
Released (0.27.2-8ubuntu2.2)
groovy
Released (0.27.3-3ubuntu0.2)
hirsute
Released (0.27.3-3ubuntu1.1)
impish
Released (0.27.3-3ubuntu2)
jammy
Released (0.27.3-3ubuntu2)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (0.25-2.1ubuntu16.04.7+esm1)