Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.
References
Configurations
History
22 Dec 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
01 Mar 2023, 16:12
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References |
|
20 Aug 2021, 15:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 5.5 |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE/ - Mailing List, Third Party Advisory |
20 Aug 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Aug 2021, 15:07
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/Exiv2/exiv2/pull/1766 - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.5 |
CWE | CWE-835 |
09 Aug 2021, 19:13
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-09 18:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-34334
Mitre link : CVE-2021-34334
CVE.ORG link : CVE-2021-34334
JSON object : View
Products Affected
debian
- debian_linux
exiv2
- exiv2
fedoraproject
- fedora
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')