CVE-2021-29464

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-29464
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29464.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-29464
Downstream
Related
Published
2021-04-30T19:15:07Z
Modified
2025-10-21T06:05:57.317916Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.

References

Affected packages

Git / github.com/exiv2/exiv2

Affected ranges

Type
GIT
Repo
https://github.com/exiv2/exiv2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f9308839198aca5e68a65194f151a1de92398f54

Affected versions

0.*

0.27
0.27-RC2
0.27-RC3
0.27.1

v0.*

v0.10
v0.11
v0.12
v0.13
v0.14
v0.15
v0.16
v0.16-pre1
v0.17
v0.17.1
v0.18
v0.18-pre1
v0.18-pre2
v0.18.1
v0.18.2
v0.19
v0.20
v0.21
v0.21.1
v0.22
v0.23
v0.23.1
v0.24
v0.25
v0.26
v0.27-RC1
v0.27.0
v0.27.1
v0.27.1-RC1
v0.27.2
v0.27.2-RC1
v0.27.2-RC2
v0.27.2-RC3
v0.27.3
v0.27.3-RC1
v0.27.3-RC2
v0.27.4-RC1
v0.27.4-RC2
v0.3
v0.4
v0.5
v0.6
v0.6.1
v0.6.2
v0.7
v0.8
v0.9
v0.9.1

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54",
        "signature_version": "v1",
        "target": {
            "file": "src/jp2image.cpp"
        },
        "digest": {
            "line_hashes": [
                "323728222833538923038944730393132703934",
                "24749543631507264723746914446195151479",
                "76802448304416166379448936806878801315",
                "234957559214220615582122127754102325495",
                "275450592817794157285816532393627859209",
                "87670471384412651251321462646562134881",
                "114497833031464664794866836019212823344",
                "115324630711529566996375131005995028801",
                "115588095376320194610437193210480108975",
                "161802120353393359573629174985040623209",
                "78886350060633755983035439595702394",
                "50161156128312907545539673432889024690",
                "52588574467330224408576858640562188721",
                "103350852771569627785933163969062514890",
                "291787656159276189544876712387029726223",
                "303134045822942712871844582524794431568",
                "323201933430005402075719111048790072190",
                "90026066209195267352953936172543050696",
                "241196500115797223576545330965582388403",
                "242525065048684870948914503761593069582",
                "116436437810386455374749867256768513321",
                "133702476651164271979726261909386052591",
                "70555295058522195116472804523663574236",
                "174067505862308538886067349865241686217",
                "239111711937241339327911470879130231556",
                "143397300216908999081310858062271806749",
                "114950416085279614966063287613211851319",
                "154802448534375716299749512657983733829",
                "180768494370747544339887021743852714073",
                "224287473853457600596126537646514404550"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2021-29464-55b6959c"
    },
    {
        "source": "https://github.com/exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54",
        "signature_version": "v1",
        "target": {
            "file": "src/jp2image.cpp",
            "function": "Jp2Image::encodeJp2Header"
        },
        "digest": {
            "length": 2286.0,
            "function_hash": "337158091193550846272945469042916636495"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2021-29464-8d5dbd5c"
    }
]