CVE-2021-32815
Summary
| CVE | CVE-2021-32815 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-08-09 18:15:00 UTC |
|---|
| Updated | 2023-12-22 10:15:00 UTC |
|---|
| Description | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fi`. ### Patches The bug is fixed in version v0.27.5. ### References Regression test and bug fix: #1739 ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] [DLA 3265-1] exiv2 security update |
MLIST |
lists.debian.org |
|
| Denial of service due to assertion failure in crwimage_int.cpp · Advisory · Exiv2/exiv2 · GitHub |
CONFIRM |
github.com |
|
| Exiv2: Multiple Vulnerabilities (GLSA 202312-06) — Gentoo security |
|
security.gentoo.org |
|
| [SECURITY] Fedora 33 Update: mingw-exiv2-0.27.4-3.fc33 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 34 Update: mingw-exiv2-0.27.4-3.fc34 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 33 Update: mingw-exiv2-0.27.4-3.fc33 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| Fix assertion failure in crwimage_int.cpp by kevinbackhouse · Pull Request #1739 · Exiv2/exiv2 · GitHub |
MISC |
github.com |
|
| [SECURITY] Fedora 34 Update: mingw-exiv2-0.27.4-3.fc34 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181464 Debian Security Update for exiv2 (DLA 3265-1)
- 184636 Debian Security Update for exiv2 (CVE-2021-32815)
- 198462 Ubuntu Security Notification for Exiv2 Vulnerabilities (USN-5043-1)
- 281833 Fedora Security Update for mingw (FEDORA-2021-399f869889)
- 281834 Fedora Security Update for mingw (FEDORA-2021-cbaef8e2d5)
- 501842 Alpine Linux Security Update for exiv2
- 504732 Alpine Linux Security Update for exiv2
- 671041 EulerOS Security Update for exiv2 (EulerOS-SA-2021-2657)
- 671049 EulerOS Security Update for exiv2 (EulerOS-SA-2021-2628)
- 671264 EulerOS Security Update for exiv2 (EulerOS-SA-2022-1161)
- 710810 Gentoo Linux Exiv2 Multiple Vulnerabilities (GLSA 202312-06)
- 752871 SUSE Enterprise Linux Security Update for exiv2 (SUSE-SU-2022:4252-1)
- 752916 SUSE Enterprise Linux Security Update for exiv2-0_26 (SUSE-SU-2022:4208-1)
- 752954 SUSE Enterprise Linux Security Update for exiv2 (SUSE-SU-2022:4276-1)
- 900869 Common Base Linux Mariner (CBL-Mariner) Security Update for exiv2 (7214)
- 902310 Common Base Linux Mariner (CBL-Mariner) Security Update for exiv2 (7214-1)
