A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows malicious users to cause a denial of service (DOS) via crafted metadata.
Debian Bug report logs -
#991705
exiv2: CVE-2021-31291
Package:
src:exiv2;
Maintainer for src:exiv2 is Debian KDE Extras Team <pkg-kde-extras@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 30 Jul 2021 13:27:01 UTC
Severity: important
Tags: security, upstream
Found in versi ...
A flaw was found in exiv2 A flawed bounds checking in the jp2Imagecpp:doWriteMetadata function leads to a heap-based buffer overflow This flaw allows an attacker who can provide a malicious image to an application using the exiv2 library, to write data out of bounds and potentially execute code The highest threat from this vulnerability is to d ...