Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-37621

Опубликовано: 09 авг. 2021
Источник: nvd
CVSS3: 5.5
CVSS2: 4.3
EPSS Низкий

Описание

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (-p C). The bug is fixed in version v0.27.5.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*
Версия до 0.27.4 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 31%
0.00113
Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-835
CWE-835

Связанные уязвимости

ubuntu логотип

CVE-2021-37621

CVSS3: 5.5
ubuntu
почти 4 года назад

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.

redhat логотип

CVE-2021-37621

CVSS3: 5.5
redhat
почти 4 года назад

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.

msrc логотип

CVE-2021-37621

CVSS3: 5.5
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2021-37621

CVSS3: 5.5
debian
почти 4 года назад

Exiv2 is a command-line utility and C++ library for reading, writing, ...

fstec логотип

BDU:2023-01673

CVSS3: 5.3
fstec
почти 4 года назад

Уязвимость команд библиотеки для управления метаданными медиафайлов Exiv2, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 31%
0.00113
Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-835
CWE-835