Vulnerability Name:

CVE-2021-37623 (CCN-207081)

Assigned:2021-08-08
Published:2021-08-08
Updated:2021-08-20
Summary:Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-835
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2021-37623

Source: XF
Type: UNKNOWN
exiv2-cve202137623-dos(207081)

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/Exiv2/exiv2/pull/1790

Source: CCN
Type: Exiv2 GIT Repository
Denial of service due to infinite loop in JpegBase::printStructure (#2)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-399f869889

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-cbaef8e2d5

Vulnerable Configuration:Configuration 1:
  • cpe:/a:exiv2:exiv2:*:*:*:*:*:*:*:* (Version <= 0.27.4)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:exiv2:exiv2:0.27.1:*:*:*:*:*:*:*
  • OR cpe:/a:exiv2:exiv2:0.27.2:*:*:*:*:*:*:*
  • OR cpe:/a:exiv2:exiv2:0.27.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:exiv2:exiv2:0.27.3:-:*:*:*:*:*:*
  • OR cpe:/a:exiv2:exiv2:0.27.4:rc1:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7930
    P
    		libexiv2-27-0.27.5-150400.15.4.1 on GA media (Moderate)
    2023-06-12
    BACK
    exiv2 exiv2 *
    fedoraproject fedora 33
    fedoraproject fedora 34
    exiv2 exiv2 0.27.1
    exiv2 exiv2 0.27.2
    exiv2 exiv2 0.27.4 rc1
    exiv2 exiv2 0.27.3 -
    exiv2 exiv2 0.27.4 rc1