Home > Vulnerability Database > CVE-2021-37621

Mend.io Vulnerability Database

CVE-2021-37621

Date: August 9, 2021

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.

Language: C++

Severity Score

5.5

Related Resources (14)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-37621

Url: https://security.alpinelinux.org/vuln/CVE-2021-37621

Url: https://security.gentoo.org/glsa/202312-06

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE/

Url: https://security-tracker.debian.org/tracker/CVE-2021-37621

Url: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37621

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE/

Url: https://access.redhat.com/security/cve/CVE-2021-37621

Url: https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html

Url: https://github.com/Exiv2/exiv2/pull/1778

Url: https://www.mend.io/vulnerability-database/CVE-2021-37621

Severity Score

5.5

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-37621

Date: August 9, 2021

Language: C++

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?