Lucene search

K
ubuntuUbuntuUSN-4941-1
HistoryMay 10, 2021 - 12:00 a.m.

Exiv2 vulnerabilities

2021-05-1000:00:00
ubuntu.com
109
ubuntu 21.04
ubuntu 20.10
ubuntu 20.04 lts
ubuntu 18.04 esm
ubuntu 16.04 esm
exiv2
image handling
arbitrary code execution
denial of service

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.006

Percentile

77.9%

Releases

  • Ubuntu 21.04
  • Ubuntu 20.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • exiv2 - EXIF/IPTC/XMP metadata manipulation tool

Details

It was discovered that Exiv2 incorrectly handled certain images.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. (CVE-2021-29457)

It was discovered that Exiv2 incorrectly handled certain images.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-29458, CVE-2021-29470)

It was discovered that Exiv2 incorrectly handled certain images.
An attacker could possibly use this issue to execute arbitrary code or
cause a crash. (CVE-2021-3482)

OSVersionArchitecturePackageVersionFilename
Ubuntu21.04noarchlibexiv2-27< 0.27.3-3ubuntu1.1UNKNOWN
Ubuntu21.04noarchexiv2< 0.27.3-3ubuntu1.1UNKNOWN
Ubuntu21.04noarchexiv2-dbgsym< 0.27.3-3ubuntu1.1UNKNOWN
Ubuntu21.04noarchlibexiv2-27-dbgsym< 0.27.3-3ubuntu1.1UNKNOWN
Ubuntu21.04noarchlibexiv2-dev< 0.27.3-3ubuntu1.1UNKNOWN
Ubuntu21.04noarchlibexiv2-doc< 0.27.3-3ubuntu1.1UNKNOWN
Ubuntu20.10noarchlibexiv2-27< 0.27.3-3ubuntu0.2UNKNOWN
Ubuntu20.10noarchexiv2< 0.27.3-3ubuntu0.2UNKNOWN
Ubuntu20.10noarchexiv2-dbgsym< 0.27.3-3ubuntu0.2UNKNOWN
Ubuntu20.10noarchlibexiv2-27-dbgsym< 0.27.3-3ubuntu0.2UNKNOWN
Rows per page:
1-10 of 321

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.006

Percentile

77.9%