Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2021-29464

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.9%
CVSS Severity
CVSS v3 Score 3.3
CVSS v2 Score 6.8
References
Products affected by CVE-2021-29464
  • Exiv2 » Exiv2 » Version: N/A
    cpe:2.3:a:exiv2:exiv2:-
  • Exiv2 » Exiv2 » Version: 0.10
    cpe:2.3:a:exiv2:exiv2:0.10
  • Exiv2 » Exiv2 » Version: 0.11
    cpe:2.3:a:exiv2:exiv2:0.11
  • Exiv2 » Exiv2 » Version: 0.12
    cpe:2.3:a:exiv2:exiv2:0.12
  • Exiv2 » Exiv2 » Version: 0.13
    cpe:2.3:a:exiv2:exiv2:0.13
  • Exiv2 » Exiv2 » Version: 0.14
    cpe:2.3:a:exiv2:exiv2:0.14
  • Exiv2 » Exiv2 » Version: 0.15
    cpe:2.3:a:exiv2:exiv2:0.15
  • Exiv2 » Exiv2 » Version: 0.16
    cpe:2.3:a:exiv2:exiv2:0.16
  • Exiv2 » Exiv2 » Version: 0.17
    cpe:2.3:a:exiv2:exiv2:0.17
  • Exiv2 » Exiv2 » Version: 0.17.1
    cpe:2.3:a:exiv2:exiv2:0.17.1
  • Exiv2 » Exiv2 » Version: 0.18
    cpe:2.3:a:exiv2:exiv2:0.18
  • Exiv2 » Exiv2 » Version: 0.18.1
    cpe:2.3:a:exiv2:exiv2:0.18.1
  • Exiv2 » Exiv2 » Version: 0.18.2
    cpe:2.3:a:exiv2:exiv2:0.18.2
  • Exiv2 » Exiv2 » Version: 0.19
    cpe:2.3:a:exiv2:exiv2:0.19
  • Exiv2 » Exiv2 » Version: 0.20
    cpe:2.3:a:exiv2:exiv2:0.20
  • Exiv2 » Exiv2 » Version: 0.21
    cpe:2.3:a:exiv2:exiv2:0.21
  • Exiv2 » Exiv2 » Version: 0.21.1
    cpe:2.3:a:exiv2:exiv2:0.21.1
  • Exiv2 » Exiv2 » Version: 0.22
    cpe:2.3:a:exiv2:exiv2:0.22
  • Exiv2 » Exiv2 » Version: 0.23
    cpe:2.3:a:exiv2:exiv2:0.23
  • Exiv2 » Exiv2 » Version: 0.24
    cpe:2.3:a:exiv2:exiv2:0.24
  • Exiv2 » Exiv2 » Version: 0.25
    cpe:2.3:a:exiv2:exiv2:0.25
  • Exiv2 » Exiv2 » Version: 0.26
    cpe:2.3:a:exiv2:exiv2:0.26
  • Exiv2 » Exiv2 » Version: 0.27
    cpe:2.3:a:exiv2:exiv2:0.27
  • Exiv2 » Exiv2 » Version: 0.27.1
    cpe:2.3:a:exiv2:exiv2:0.27.1
  • Exiv2 » Exiv2 » Version: 0.27.2
    cpe:2.3:a:exiv2:exiv2:0.27.2
  • Exiv2 » Exiv2 » Version: 0.27.3
    cpe:2.3:a:exiv2:exiv2:0.27.3
  • Exiv2 » Exiv2 » Version: 0.3
    cpe:2.3:a:exiv2:exiv2:0.3
  • Exiv2 » Exiv2 » Version: 0.4
    cpe:2.3:a:exiv2:exiv2:0.4
  • Exiv2 » Exiv2 » Version: 0.5
    cpe:2.3:a:exiv2:exiv2:0.5
  • Exiv2 » Exiv2 » Version: 0.6
    cpe:2.3:a:exiv2:exiv2:0.6
  • Exiv2 » Exiv2 » Version: 0.6.1
    cpe:2.3:a:exiv2:exiv2:0.6.1
  • Exiv2 » Exiv2 » Version: 0.6.2
    cpe:2.3:a:exiv2:exiv2:0.6.2
  • Exiv2 » Exiv2 » Version: 0.7
    cpe:2.3:a:exiv2:exiv2:0.7
  • Exiv2 » Exiv2 » Version: 0.8
    cpe:2.3:a:exiv2:exiv2:0.8
  • Exiv2 » Exiv2 » Version: 0.9
    cpe:2.3:a:exiv2:exiv2:0.9
  • Exiv2 » Exiv2 » Version: 0.9.1
    cpe:2.3:a:exiv2:exiv2:0.9.1
  • Fedoraproject » Fedora » Version: 33
    cpe:2.3:o:fedoraproject:fedora:33
  • Fedoraproject » Fedora » Version: 34
    cpe:2.3:o:fedoraproject:fedora:34


Products
Pricing
Contact Us

Shodan ® - All rights reserved