CVE-2021-34334 — MEDIUM (5.5)

Q: How severe is CVE-2021-34334?

CVE-2021-34334 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-34334?

Check the references section above for vendor advisories and patch information. Affected products include: Exiv2 Exiv2, Fedoraproject Fedora, Debian Debian Linux.

Vulnerability Description

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Exiv2	Exiv2	<= 0.27.4
Fedoraproject	Fedora	33
Debian	Debian Linux	10.0

Related Weaknesses (CWE)

CWE-835

References

https://github.com/Exiv2/exiv2/pull/1766PatchThird Party Advisory
https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9pPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00004.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202312-06
https://github.com/Exiv2/exiv2/pull/1766PatchThird Party Advisory
https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9pPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00004.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202312-06

FAQ

What is CVE-2021-34334?

CVE-2021-34334 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a cr...

How severe is CVE-2021-34334?

CVE-2021-34334 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-34334?

Check the references section above for vendor advisories and patch information. Affected products include: Exiv2 Exiv2, Fedoraproject Fedora, Debian Debian Linux.