CVE-2021-29453

Source
https://cve.org/CVERecord?id=CVE-2021-29453
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29453.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-29453
Related
  • GHSA-j889-h476-hh9h
Published
2021-04-19T19:15:17.717Z
Modified
2026-04-10T04:32:12.910666Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability.
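The usual guard against this class of bug is to read the declared dimensions from the image header and enforce a pixel budget before any full decode. The Go sketch below is an added example, not matrix-media-repo code and not the 1.2.7 patch; `maxPixels`, `checkDimensions`, `ErrTooLarge` and `constructedPNG` are hypothetical names, and PNG stands in for the unspecified formats.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
	"image"
	"image/png"
)

// maxPixels is an assumed budget for this example, not a matrix-media-repo setting.
const maxPixels = 4096 * 4096
var ErrTooLarge = errors.New("declared dimensions exceed pixel budget")

// checkDimensions parses only the header (image.DecodeConfig allocates no pixel
// buffer) and rejects images whose declared size is over budget.
func checkDimensions(data []byte) (image.Config, error) {
	cfg, _, err := image.DecodeConfig(bytes.NewReader(data))
	if err != nil {
		return cfg, err
	}
	if int64(cfg.Width)*int64(cfg.Height) > maxPixels {
		return cfg, ErrTooLarge
	}
	return cfg, nil
}

// constructedPNG builds sample input: a real 1x1 PNG whose IHDR is rewritten to
// declare w x h pixels, with the chunk CRC recomputed so the header still parses.
func constructedPNG(w, h uint32) []byte {
	var buf bytes.Buffer
	_ = png.Encode(&buf, image.NewNRGBA(image.Rect(0, 0, 1, 1)))
	b := buf.Bytes()
	// Offsets: signature 0-7, length 8-11, "IHDR" 12-15, data 16-28, CRC 29-32.
	binary.BigEndian.PutUint32(b[16:20], w)
	binary.BigEndian.PutUint32(b[20:24], h)
	binary.BigEndian.PutUint32(b[29:33], crc32.ChecksumIEEE(b[12:29]))
	return b
}

func main() {
	for _, d := range [][2]uint32{{640, 480}, {50000, 50000}} {
		data := constructedPNG(d[0], d[1])
		cfg, err := checkDimensions(data)
		fmt.Printf("%d bytes, declared %dx%d, err=%v\n", len(data), cfg.Width, cfg.Height, err)
	}
}
```

Only images that pass the check should be handed to the thumbnailer; an upload size limit alone does not help, because the file itself stays small.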

References

Affected packages

Git / github.com/t2bot/matrix-media-repo

Affected ranges

Type
GIT
Repo
https://github.com/t2bot/matrix-media-repo
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed
Type
GIT
Repo
https://github.com/turt2live/matrix-media-repo
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.7"
        }
    ]
}

Affected versions

v1.*
v1.0.0
v1.0.0-rc.1
v1.0.0-rc.2
v1.0.1
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29453.json"