CVE-2021-37620 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-37620 PUBLISHED CVSS 4.7 MEDIUM

Reported by GitHub_M · Published August 9, 2021

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.

Risk Scores

CVSS v3.1

4.7

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Exiv2	exiv2	<= 0.27.4
Exiv2	exiv2	<= 0.27.4

Timeline

Aug 9, 2021 CVE Published
Aug 10, 2021 EPSS Score
Aug 20, 2021 EPSS Score
Oct 7, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 31, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 31, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 28, 2022 EPSS Score
Sep 22, 2022 EPSS Score
Nov 19, 2022 EPSS Score

References

FEDORA-2021-399f869889 vendor-advisory
FEDORA-2021-cbaef8e2d5 vendor-advisory
[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update mailing-list
GLSA-202312-06 vendor-advisory

Open in Interactive Console →