CVE-2021-3482

Source
Severity Medium
Remote No
Type Arbitrary code execution
Description
A security issue was found in Exiv2 in versions up to and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
Group     Package  Affected  Fixed  Severity  Status      Ticket
AVG-1772  exiv2    0.27.3-1  -      Medium    Vulnerable  -
References
https://bugzilla.redhat.com/show_bug.cgi?id=1946314
https://github.com/Exiv2/exiv2/issues/1522
https://github.com/Exiv2/exiv2/pull/1523
https://github.com/Exiv2/exiv2/commit/05ec05342e17dc94670db1818447c06d0da8f41a