CVE-2021-29463

2021-04-3000:00:00

ubuntu.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

32.5%

JSON

Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. An out-of-bounds read
was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is
triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial
of service by crashing Exiv2, if they can trick the victim into running
Exiv2 on a crafted image file. Note that this bug is only triggered when
writing the metadata, which is a less frequently used Exiv2 operation than
reading the metadata. For example, to trigger the bug in the Exiv2
command-line application, you need to add an extra command-line argument
such as insert. The bug is fixed in version v0.27.4.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchexiv2< 0.27.2-8ubuntu2.4UNKNOWN
ubuntu20.10noarchexiv2< 0.27.3-3ubuntu0.4UNKNOWN
ubuntu21.04noarchexiv2< 0.27.3-3ubuntu1.3UNKNOWN
ubuntu21.10noarchexiv2< 0.27.3-3ubuntu2UNKNOWN
ubuntu22.04noarchexiv2< 0.27.3-3ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	exiv2	< 0.27.2-8ubuntu2.4	UNKNOWN
ubuntu	20.10	noarch	exiv2	< 0.27.3-3ubuntu0.4	UNKNOWN
ubuntu	21.04	noarch	exiv2	< 0.27.3-3ubuntu1.3	UNKNOWN
ubuntu	21.10	noarch	exiv2	< 0.27.3-3ubuntu2	UNKNOWN
ubuntu	22.04	noarch	exiv2	< 0.27.3-3ubuntu2	UNKNOWN