Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2021-37615

Published: 09/08/2021 Updated: 22/12/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Exiv2

Vulnerability Summary

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and previous versions. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

exiv2 exiv2

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Red Hat: CVE-2021-37615
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files A null pointer dereference was found in Exiv2 versions v0274 and earlier The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file An attacker could potentially exploit the v ...
Arch Linux Issues:
A null pointer dereference was found in Exiv2 versions 0274 and earlier The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file Note th ...

References

CWE-476https://github.com/Exiv2/exiv2/pull/1758https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336whttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC/https://security.gentoo.org/glsa/202312-06https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2021-37615https://security.archlinux.org/CVE-2021-37615
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook