GHSA-px9g-8hgv-jvg2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-px9g-8hgv-jvg2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-px9g-8hgv-jvg2/GHSA-px9g-8hgv-jvg2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-px9g-8hgv-jvg2
- Aliases
- Published
- 2022-10-06T19:53:39Z
- Modified
- 2023-11-08T04:04:38.884291Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- kamadak-exif vulnerable to Infinite loop when parsing PNG files
- Details
-
Impact
Reader::readfromcontainer can cause an infinite loop when a crafted PNG file is given.
Patches
Version 0.5.3 includes the fix.
Workarounds
No workaround is available. Applications that do not pass files with the PNG signature to Reader::readfromcontainer are not affected.
References
- https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21235
For more information
If you have any questions or comments about this advisory: * Open an issue in github.com/kamadak/exif-rs
- Database specific
{ "nvd_published_at": "2021-01-06T02:15:00Z", "github_reviewed_at": "2022-10-06T19:53:39Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-400", "CWE-835" ] }- References
-
- https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2
- https://nvd.nist.gov/vuln/detail/CVE-2021-21235
- https://github.com/kamadak/exif-rs/commit/1b05eab57e484cd7d576d4357b9cda7fdc57df8c
- https://github.com/kamadak/exif-rs/commit/f21df24616ea611c5d5d0e0e2f8042eb74d5ff48
- https://crates.io/crates/kamadak-exif
- https://github.com/kamadak/exif-rs
- https://rustsec.org/advisories/RUSTSEC-2021-0143.html
Affected packages
crates.io / kamadak-exif
Package
- Name
- kamadak-exif
- View open source insights on deps.dev
- Purl
- pkg:cargo/kamadak-exif