QID 671041

Date Published: 2021-11-30

QID 671041: EulerOS Security Update for exiv2 (EulerOS-SA-2021-2657)

Exiv2 is a command line utility to access image metadata, allowing one to:
  • print the Exif metadata of JPEG images as summary info, interpreted values, or the plain data for each tag
  • print the IPTC metadata of JPEG images
  • print the JPEG comment of JPEG images
  • set, add and delete Exif and IPTC metadata of JPEG images
  • adjust the Exif timestamp (that's how it all started...)
  • rename Exif image files according to the Exif timestamp
  • extract, insert and delete Exif metadata (including thumbnails), IPTC metadata and JPEG comments

Security fix(es):

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

An assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fi`. (CVE-2021-32815)

An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file.

A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file.

A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

An arbitrary attacker may exploit this vulnerability to compromise the system.

  • CVSS V3 rated as Critical - 8.1 severity.
  • CVSS V2 rated as Medium - 5.8 severity.
  • Solution
    The vendor has released a security update to fix the vulnerability. For more information, please visit EulerOS-SA-2021-2657 for updates and patch information.
  • Software Advisories
    Advisory ID: EulerOS-SA-2021-2657
    Software Component: EulerOS V2.0SP5
    Link: developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2657