Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-34335

Опубликовано: 09 авг. 2021
Источник: nvd
CVSS3: 4.7
CVSS3: 5.5
CVSS2: 4.3
EPSS Низкий

Описание

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (-p t or -P t). The bug is fixed in version v0.27.5.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*
Версия до 0.27.4 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

EPSS

Процентиль: 28%
0.00098
Низкий

4.7 Medium

CVSS3

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-369
CWE-369

Связанные уязвимости

ubuntu логотип

CVE-2021-34335

CVSS3: 4.7
ubuntu
почти 4 года назад

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.

redhat логотип

CVE-2021-34335

CVSS3: 4.7
redhat
почти 4 года назад

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.

msrc логотип

CVE-2021-34335

CVSS3: 5.5
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2021-34335

CVSS3: 4.7
debian
почти 4 года назад

Exiv2 is a command-line utility and C++ library for reading, writing, ...

fstec логотип

BDU:2022-01776

CVSS3: 6.5
fstec
почти 4 года назад

Уязвимость библиотеки для управления метаданными медиафайлов Exiv2, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 28%
0.00098
Низкий

4.7 Medium

CVSS3

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-369
CWE-369