Home > Vulnerability Database > CVE-2021-32617

Mend.io Vulnerability Database

CVE-2021-32617

Date: May 17, 2021

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`.

Language: C++

Severity Score

5.5

Related Resources (17)

Url: https://security-tracker.debian.org/tracker/CVE-2021-32617

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK/

Url: https://security.gentoo.org/glsa/202312-06

Url: https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZ5SGWHK64TB7ADRSVBGHEPDFN5CSOO3/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZ5SGWHK64TB7ADRSVBGHEPDFN5CSOO3/

Url: https://access.redhat.com/security/cve/CVE-2021-32617

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32617

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-32617

Url: https://github.com/Exiv2/exiv2/pull/1657

Url: https://security.alpinelinux.org/vuln/CVE-2021-32617

Url: https://www.mend.io/vulnerability-database/CVE-2021-32617

Severity Score

5.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-32617

Date: May 17, 2021

Language: C++

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?