Integer Overflow Vulnerability in Exiv2 Image Metadata Handling
CVE-2021-31292

7.5 HIGH

Key Information:

Vendor

Exiv2

Status
Vendor
CVE Published: 26 July 2021

What is CVE-2021-31292?

An integer overflow in the CrwMap::encode0x1810 function of Exiv2 version 0.27.3 lets an attacker who supplies crafted metadata trigger a heap-based buffer overflow. The result can be a denial of service, which severely compromises the reliability of applications that rely on Exiv2 for image metadata processing. Users should be aware of the risk and make sure their systems are updated to mitigate potential exploitation.

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
