CVE-2021-29623

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.6 LOW
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
exiv2exiv2
𝑥
< 0.27.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
exiv2
bookworm
0.27.6-1
fixed
bullseye
0.27.3-3+deb11u2
fixed
bullseye (security)
vulnerable
buster
not-affected
sid
0.28.3+dfsg-2
fixed
trixie
0.28.3+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
exiv2
bionic
not-affected
focal
Fixed 0.27.2-8ubuntu2.4
released
groovy
Fixed 0.27.3-3ubuntu0.4
released
hirsute
Fixed 0.27.3-3ubuntu1.3
released
impish
Fixed 0.27.3-3ubuntu3
released
jammy
Fixed 0.27.3-3ubuntu3
released
trusty
dne
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libexiv2-26
suse enterprise desktop 15 SP4
0.26-150400.9.16.1
fixed
suse enterprise sap 15 SP4
0.26-150400.9.16.1
fixed
suse enterprise server 15 SP4
0.26-150400.9.16.1
fixed
libexiv2-27
suse enterprise desktop 15 SP4
0.27.5-150400.15.4.1
fixed
suse enterprise desktop 15 SP5
0.27.5-150400.15.4.1
fixed
suse enterprise desktop 15 SP6
0.27.5-150400.15.4.1
fixed
suse enterprise desktop 15 SP7
0.27.5-150400.15.4.1
fixed
suse enterprise sap 15 SP4
0.27.5-150400.15.4.1
fixed
suse enterprise sap 15 SP5
0.27.5-150400.15.4.1
fixed
suse enterprise sap 15 SP6
0.27.5-150400.15.4.1
fixed
suse enterprise sap 15 SP7
0.27.5-150400.15.4.1
fixed
suse enterprise server 15 SP4
0.27.5-150400.15.4.1
fixed
suse enterprise server 15 SP5
0.27.5-150400.15.4.1
fixed
suse enterprise server 15 SP6
0.27.5-150400.15.4.1
fixed
suse enterprise server 15 SP7
0.27.5-150400.15.4.1
fixed
libexiv2-devel
suse enterprise desktop 15 SP4
0.27.5-150400.15.4.1
fixed
suse enterprise desktop 15 SP5
0.27.5-150400.15.4.1
fixed
suse enterprise desktop 15 SP6
0.27.5-150400.15.4.1
fixed
suse enterprise desktop 15 SP7
0.27.5-150400.15.4.1
fixed
suse enterprise sap 15 SP4
0.27.5-150400.15.4.1
fixed
suse enterprise sap 15 SP5
0.27.5-150400.15.4.1
fixed
suse enterprise sap 15 SP6
0.27.5-150400.15.4.1
fixed
suse enterprise sap 15 SP7
0.27.5-150400.15.4.1
fixed
suse enterprise server 15 SP4
0.27.5-150400.15.4.1
fixed
suse enterprise server 15 SP5
0.27.5-150400.15.4.1
fixed
suse enterprise server 15 SP6
0.27.5-150400.15.4.1
fixed
suse enterprise server 15 SP7
0.27.5-150400.15.4.1
fixed
libexiv2-xmp-static
suse enterprise desktop 15 SP4
0.27.5-150400.15.4.1
fixed
suse enterprise desktop 15 SP5
0.27.5-150400.15.4.1
fixed
suse enterprise desktop 15 SP6
0.27.5-150400.15.4.1
fixed
suse enterprise desktop 15 SP7
0.27.5-150400.15.4.1
fixed
suse enterprise sap 15 SP4
0.27.5-150400.15.4.1
fixed
suse enterprise sap 15 SP5
0.27.5-150400.15.4.1
fixed
suse enterprise sap 15 SP6
0.27.5-150400.15.4.1
fixed
suse enterprise sap 15 SP7
0.27.5-150400.15.4.1
fixed
suse enterprise server 15 SP4
0.27.5-150400.15.4.1
fixed
suse enterprise server 15 SP5
0.27.5-150400.15.4.1
fixed
suse enterprise server 15 SP6
0.27.5-150400.15.4.1
fixed
suse enterprise server 15 SP7
0.27.5-150400.15.4.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
exiv2
RHEL 8
0:0.27.4-5.el8
fixed
exiv2-devel
RHEL 8
0:0.27.4-5.el8
fixed
exiv2-doc
RHEL 8
0:0.27.4-5.el8
fixed
exiv2-libs
RHEL 8
0:0.27.4-5.el8
fixed
Common Weakness Enumeration
References
https://github.com/Exiv2/exiv2/pull/1627
https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZ5SGWHK64TB7ADRSVBGHEPDFN5CSOO3/
https://security.gentoo.org/glsa/202312-06
https://github.com/Exiv2/exiv2/pull/1627
https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZ5SGWHK64TB7ADRSVBGHEPDFN5CSOO3/
https://security.gentoo.org/glsa/202312-06