---

CVE-2021-27815 - log back

CVE-2021-27815 edited at 12 Sep 2021 21:22:17

Description

- A NULL pointer deference in the "actions.c" library of libexif version 0.6.22 allows attackers to cause a denial of service (DoS) by opening a malicious JPEG file, causing the application to crash. + A NULL pointer deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.

CVE-2021-27815 edited at 14 Apr 2021 15:04:54
Severity	- Unknown + Low
Remote	- Unknown + Local
Type	- Unknown + Denial of service
Description	+ A NULL pointer deference in the "actions.c" library of libexif version 0.6.22 allows attackers to cause a denial of service (DoS) by opening a malicious JPEG file, causing the application to crash.
References	+ https://github.com/libexif/exif/issues/4 + https://github.com/libexif/exif/files/6041133/poc.zip + https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c
Notes

CVE-2021-27815 created at 14 Apr 2021 15:03:14