CVE-2021-3482

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*
cpe:2.3:a:exiv2:exiv2:0.27.4:rc1:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:38

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/', 'name': 'FEDORA-2021-be94728b95', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/', 'name': 'FEDORA-2021-10d7331a31', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/ -

24 Oct 2022, 15:08

Type Values Removed Values Added
CWE CWE-20
CWE-119
CWE-787

21 Sep 2021, 18:15

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-4958 - (DEBIAN) https://www.debian.org/security/2021/dsa-4958 - Third Party Advisory

30 Aug 2021, 05:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html -
  • (DEBIAN) https://www.debian.org/security/2021/dsa-4958 -

26 May 2021, 13:09

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/ - Mailing List, Third Party Advisory

14 May 2021, 23:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/ -

04 May 2021, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/ -

15 Apr 2021, 14:29

Type Values Removed Values Added
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1946314 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1946314 - Issue Tracking, Patch, Third Party Advisory
CPE cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*
cpe:2.3:a:exiv2:exiv2:0.27.4:rc1:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 6.4
v3 : 6.5

08 Apr 2021, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-04-08 23:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-3482

Mitre link : CVE-2021-3482

CVE.ORG link : CVE-2021-3482


JSON object : View

Products Affected

debian

  • debian_linux

exiv2

  • exiv2

redhat

  • enterprise_linux

fedoraproject

  • fedora
CWE
CWE-787

Out-of-bounds Write

CWE-20

Improper Input Validation