Denial of Service Vulnerability in exif Tool by libexif
CVE-2021-27815

5.5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 14 April 2021

What is CVE-2021-27815?

The exif command line tool from libexif contains a NULL pointer dereference that occurs while handling XML-formatted EXIF data. An attacker can craft a JPEG file that triggers the flaw and crashes the application, resulting in a Denial of Service (DoS) condition. Users running versions prior to v0.6.22 are particularly at risk and should update to mitigate potential exploitation.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
