---

CVE-2021-3482 - log back

CVE-2021-3482 edited at 18 Jun 2021 17:41:50
Severity	- Medium + Low

CVE-2021-3482 edited at 18 Jun 2021 17:33:15
Remote	- Local + Remote
Description	- A security issue was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. + A security issue was found in Exiv2 in versions before version 0.27.4. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file.

CVE-2021-3482 edited at 24 Apr 2021 08:44:26
References	https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jp9-m3fv-2vg9 https://github.com/Exiv2/exiv2/issues/1522 https://github.com/Exiv2/exiv2/pull/1523 - https://github.com/Exiv2/exiv2/commit/05ec05342e17dc94670db1818447c06d0da8f41a + https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da

CVE-2021-3482 edited at 19 Apr 2021 20:36:24
Description	- A security issue was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. + A security issue was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4.
References	- https://bugzilla.redhat.com/show_bug.cgi?id=1946314 + https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jp9-m3fv-2vg9 https://github.com/Exiv2/exiv2/issues/1522 https://github.com/Exiv2/exiv2/pull/1523 https://github.com/Exiv2/exiv2/commit/05ec05342e17dc94670db1818447c06d0da8f41a

CVE-2021-3482 edited at 09 Apr 2021 10:04:29
Description	- A security issue was found in Exiv2. An improper check of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow. + A security issue was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
References	https://bugzilla.redhat.com/show_bug.cgi?id=1946314 https://github.com/Exiv2/exiv2/issues/1522 https://github.com/Exiv2/exiv2/pull/1523 + https://github.com/Exiv2/exiv2/commit/05ec05342e17dc94670db1818447c06d0da8f41a

CVE-2021-3482 edited at 05 Apr 2021 20:55:40
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1946314 https://github.com/Exiv2/exiv2/issues/1522 https://github.com/Exiv2/exiv2/pull/1523

CVE-2021-3482 edited at 05 Apr 2021 20:54:49
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ A security issue was found in Exiv2. An improper check of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow.
References	+ https://github.com/Exiv2/exiv2/issues/1522 + https://github.com/Exiv2/exiv2/pull/1523
Notes

CVE-2021-3482 created at 05 Apr 2021 20:53:40