VDB

CVE-2021-3482

CVE-2021-3482 PUBLISHED

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

EPSS 0.82% · 74.8th percentile

Risk Scores

EPSS Score
0.82%
74.8th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSexiv20.25-3.1, 0, 0.25-3.1ubuntu0.18.04.4
Ubuntu:20.04:LTSexiv20.25-4ubuntu3, 0.27.2-8ubuntu2, 0
Ubuntu:Pro:16.04:LTSexiv20.25-2.1ubuntu16.04.3, 0.25-2.1ubuntu16.04.2, 0.25-2.1ubuntu16.04.1

Timeline

  • Apr 8, 2021 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›