1. Home
  2. CVE Database
  3. CVE-2021-29453
MEDIUM · 5.7

CVE-2021-29453

matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in f...

Vulnerability Description

matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
Matrix-Media-Repo ProjectMatrix-Media-Repo< 1.2.7

Related Weaknesses (CWE)

CWE-770CWE-400

References

FAQ

What is CVE-2021-29453?

CVE-2021-29453 is a vulnerability with a CVSS score of 5.7 (MEDIUM). matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in f...

How severe is CVE-2021-29453?

CVE-2021-29453 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-29453?

Check the references section above for vendor advisories and patch information. Affected products include: Matrix-Media-Repo Project Matrix-Media-Repo.