{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-32617", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T23:25:30.946Z", "dateReserved": "2021-05-12T00:00:00", "datePublished": "2021-05-17T00:00:00"}, "containers": {"cna": {"title": "Denial of service in Exiv2", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-22T10:06:31.177527"}, "descriptions": [{"lang": "en", "value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`."}], "affected": [{"vendor": "Exiv2", "product": "exiv2", "versions": [{"version": "<= 0.27.3", "status": "affected"}]}], "references": [{"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj"}, {"url": "https://github.com/Exiv2/exiv2/pull/1657"}, {"name": "FEDORA-2021-d1d5a0bf0f", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/"}, {"name": "FEDORA-2021-8253c78bd7", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK/"}, {"name": "FEDORA-2021-bdba47348c", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM/"}, {"name": "FEDORA-2021-8917c5d9d2", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZ5SGWHK64TB7ADRSVBGHEPDFN5CSOO3/"}, {"name": "GLSA-202312-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202312-06"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "cweId": "CWE-400"}]}], "source": {"advisory": "GHSA-w8mv-g8qq-36mj", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:25:30.946Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj", "tags": ["x_transferred"]}, {"url": "https://github.com/Exiv2/exiv2/pull/1657", "tags": ["x_transferred"]}, {"name": "FEDORA-2021-d1d5a0bf0f", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/"}, {"name": "FEDORA-2021-8253c78bd7", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK/"}, {"name": "FEDORA-2021-bdba47348c", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM/"}, {"name": "FEDORA-2021-8917c5d9d2", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZ5SGWHK64TB7ADRSVBGHEPDFN5CSOO3/"}, {"name": "GLSA-202312-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202312-06"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A049EBD-7A7E-458F-9ABD-F6626DDEABB9", "versionEndExcluding": "0.27.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`."}, {"lang": "es", "value": "Exiv2 es una utilidad de l\u00ednea de comandos y una biblioteca C++ para leer, escribir, eliminar y modificar los metadatos de archivos de imagen. Fue encontrado un algoritmo ineficiente (complejidad cuadr\u00e1tica) en Exiv2 versiones v0.27.3 y anteriores.&#xa0;El algoritmo ineficiente es desencadenado cuando Exiv2 es usado para escribir metadatos en un archivo de imagen dise\u00f1ado.&#xa0;Un atacante podr\u00eda explotar la vulnerabilidad para causar una denegaci\u00f3n de servicio, si pueden enga\u00f1ar a la v\u00edctima para que ejecute Exiv2 en un archivo de imagen dise\u00f1ado.&#xa0;El bug es corregido en versi\u00f3n v0.27.4.&#xa0;Tome en cuenta que este bug solo es desencadenado al _escribir_ los metadatos, que es una operaci\u00f3n Exiv2 que es usado con menos frecuencia que _leer_ los metadatos.&#xa0;Por ejemplo, para desencadenar el bug en la aplicaci\u00f3n de l\u00ednea de comandos de Exiv2, necesitas agregar un argumento de l\u00ednea de comandos adicional como \"rm\""}], "id": "CVE-2021-32617", "lastModified": "2023-12-22T10:15:09.483", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-05-17T18:15:08.080", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Exiv2/exiv2/pull/1657"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZ5SGWHK64TB7ADRSVBGHEPDFN5CSOO3/"}, {"source": "security-advisories@github.com", "url": "https://security.gentoo.org/glsa/202312-06"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:4173", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "exiv2-0:0.27.4-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}], "bugzilla": {"description": "exiv2: DoS due to quadratic complexity in ProcessUTF8Portion", "id": "1961691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961691"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`.", "There's a flaw in the xmpsdk component shipped with exiv2. An attacker who is able to submit a crafted file to be processed by an application linked with the exiv2 library could cause an excessive consumption of resources, potentially leading to denial of service. The greatest impact of this flaw is to system availability."], "name": "CVE-2021-32617", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-exiv2-023", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-exiv2-026", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "compat-exiv2-026", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-05-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-32617\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-32617\nhttps://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj"], "statement": "Red Hat Product Security has marked the Impact of this flaw as Low because the denial of service caused by this flaw would not necessarily be persistent. Additionally, exploitation relies on parsing of arbitrary image files from untrusted sources, and the operation/command used to trigger it is not common amongst users according to the upstream advisory listed under \"References\" below.\nThis flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support scopes, please see https://access.redhat.com/support/policy/updates/errata", "threat_severity": "Low", "upstream_fix": "exiv2 0.27.4"}