Multiple vulnerabilities in Exiv2
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2021-29623 CVE-2021-31292 CVE-2021-29473 CVE-2021-29457 CVE-2021-3482 CVE-2021-31291 CVE-2021-32617 |
| CWE-ID | CWE-200 CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Exiv2 Universal components / Libraries / Libraries used by multiple products |
| Vendor | GNU |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU53298
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-29623
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a read of uninitialized memory flaw. A remote attacker can trick a victim to open a specially crafted image file and gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsExiv2: 0.27.3
CPE2.3 External linkshttps://github.com/Exiv2/exiv2/pull/1627
https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU55922
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-31292
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow CrwMap::encode0x1810 of Exiv2. A remote attacker can pass specially crafted data to the application, trigger integer overflow and crash the application.
Install update from vendor's website.
Vulnerable software versionsExiv2: 0.27.3
CPE2.3 External linkshttps://github.com/Exiv2/exiv2/issues/1530
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU55921
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-29473
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when processing Exif, IPTC, XMP and ICC image metadata. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the affected application.
MitigationInstall update from vendor's website.
Vulnerable software versionsExiv2: 0.16 - 0.27.3
CPE2.3- cpe:2.3:a:gnu:exiv2:0.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:exiv2:0.23:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:exiv2:0.23.6.el7:*:*:*:*:*:*:*
https://github.com/Exiv2/exiv2/security/policy
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
https://github.com/github/advisory-review/pull/1587
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWZLDECIXXW3CCZ3RS4A3NG5X5VE4WZM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBKWLTXM7IKZ4PVGKLUQVAVFAYGGF7QR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Heap-based buffer overflow
EUVDB-ID: #VU55920
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-29457
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim top open a specially crafted image, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`.
MitigationInstall updates from vendor's website.
Vulnerable software versionsExiv2: 0.16 - 0.27.3
CPE2.3- cpe:2.3:a:gnu:exiv2:0.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:exiv2:0.23:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:exiv2:0.23.6.el7:*:*:*:*:*:*:*
https://github.com/Exiv2/exiv2/issues/1529
https://github.com/Exiv2/exiv2/pull/1534
https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU55919
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3482
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing EXIF data in Jp2Image::readMetadata() in jp2image.cpp. A remote attacker can create a specially crafted EXIF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsExiv2: 0.16 - 0.27.3
CPE2.3- cpe:2.3:a:gnu:exiv2:0.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:exiv2:0.23:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:exiv2:0.23.6.el7:*:*:*:*:*:*:*
https://bugzilla.redhat.com/show_bug.cgi?id=1946314
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU55973
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-31291
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in jp2image.cpp in Exiv2. A remote attacker can use crafted metadata to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsExiv2: 0.27 - 0.27.3
CPE2.3- cpe:2.3:a:gnu:exiv2:0.27:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:exiv2:0.27.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:exiv2:0.27.2:*:*:*:*:*:*:*
https://github.com/Exiv2/exiv2/issues/1529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource exhaustion
EUVDB-ID: #VU67973
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-32617
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application uses an inefficient algorithm (quadratic complexity) when writing metadata into a crafted image file. A remote attacker can trick trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsExiv2: 0.16 - 0.27.3
CPE2.3- cpe:2.3:a:gnu:exiv2:0.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:exiv2:0.23:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:exiv2:0.23.6.el7:*:*:*:*:*:*:*
https://github.com/Exiv2/exiv2/pull/1657
https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZ5SGWHK64TB7ADRSVBGHEPDFN5CSOO3/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
