Vulnerability CVE-2021-34334: Information
Description
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version in repository | Errata ID | Task No. | Status |
---|---|---|---|---|---|---|
exiv2 | sisyphus | 0.27.5-alt1 | 0.28.2-alt1 | ALT-PU-2021-3110-1 | 288156 | Fixed |
exiv2 | sisyphus_e2k | 0.27.5-alt1 | 0.28.2-alt1 | ALT-PU-2021-4550-1 | - | Fixed |
exiv2 | p10 | 0.27.5-alt1 | 0.27.7-alt2 | ALT-PU-2021-3499-1 | 289899 | Fixed |
exiv2 | c10f1 | 0.27.5-alt1 | 0.27.5-alt1 | ALT-PU-2021-3499-1 | 289899 | Fixed |
exiv2 | p11 | 0.27.5-alt1 | 0.28.2-alt1 | ALT-PU-2021-3110-1 | 288156 | Fixed |
Links to advisories, solutions, and tools
Link | Resource |
---|---|
https://github.com/Exiv2/exiv2/pull/1766 | |
https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p | |
[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update | |
FEDORA-2021-399f869889 | |
FEDORA-2021-cbaef8e2d5 | |
GLSA-202312-06 | |