CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-37616

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.3%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 4.3

References

Products affected by CVE-2021-37616

Exiv2 » Exiv2 » Version: N/A

cpe:2.3:a:exiv2:exiv2:-
Exiv2 » Exiv2 » Version: 0.10

cpe:2.3:a:exiv2:exiv2:0.10
Exiv2 » Exiv2 » Version: 0.11

cpe:2.3:a:exiv2:exiv2:0.11
Exiv2 » Exiv2 » Version: 0.12

cpe:2.3:a:exiv2:exiv2:0.12
Exiv2 » Exiv2 » Version: 0.13

cpe:2.3:a:exiv2:exiv2:0.13
Exiv2 » Exiv2 » Version: 0.14

cpe:2.3:a:exiv2:exiv2:0.14
Exiv2 » Exiv2 » Version: 0.15

cpe:2.3:a:exiv2:exiv2:0.15
Exiv2 » Exiv2 » Version: 0.16

cpe:2.3:a:exiv2:exiv2:0.16
Exiv2 » Exiv2 » Version: 0.17

cpe:2.3:a:exiv2:exiv2:0.17
Exiv2 » Exiv2 » Version: 0.17.1

cpe:2.3:a:exiv2:exiv2:0.17.1
Exiv2 » Exiv2 » Version: 0.18

cpe:2.3:a:exiv2:exiv2:0.18
Exiv2 » Exiv2 » Version: 0.18.1

cpe:2.3:a:exiv2:exiv2:0.18.1
Exiv2 » Exiv2 » Version: 0.18.2

cpe:2.3:a:exiv2:exiv2:0.18.2
Exiv2 » Exiv2 » Version: 0.19

cpe:2.3:a:exiv2:exiv2:0.19
Exiv2 » Exiv2 » Version: 0.20

cpe:2.3:a:exiv2:exiv2:0.20
Exiv2 » Exiv2 » Version: 0.21

cpe:2.3:a:exiv2:exiv2:0.21
Exiv2 » Exiv2 » Version: 0.21.1

cpe:2.3:a:exiv2:exiv2:0.21.1
Exiv2 » Exiv2 » Version: 0.22

cpe:2.3:a:exiv2:exiv2:0.22
Exiv2 » Exiv2 » Version: 0.23

cpe:2.3:a:exiv2:exiv2:0.23
Exiv2 » Exiv2 » Version: 0.24

cpe:2.3:a:exiv2:exiv2:0.24
Exiv2 » Exiv2 » Version: 0.25

cpe:2.3:a:exiv2:exiv2:0.25
Exiv2 » Exiv2 » Version: 0.26

cpe:2.3:a:exiv2:exiv2:0.26
Exiv2 » Exiv2 » Version: 0.27

cpe:2.3:a:exiv2:exiv2:0.27
Exiv2 » Exiv2 » Version: 0.27.1

cpe:2.3:a:exiv2:exiv2:0.27.1
Exiv2 » Exiv2 » Version: 0.27.2

cpe:2.3:a:exiv2:exiv2:0.27.2
Exiv2 » Exiv2 » Version: 0.27.3

cpe:2.3:a:exiv2:exiv2:0.27.3
Exiv2 » Exiv2 » Version: 0.27.4

cpe:2.3:a:exiv2:exiv2:0.27.4
Exiv2 » Exiv2 » Version: 0.3

cpe:2.3:a:exiv2:exiv2:0.3
Exiv2 » Exiv2 » Version: 0.4

cpe:2.3:a:exiv2:exiv2:0.4
Exiv2 » Exiv2 » Version: 0.5

cpe:2.3:a:exiv2:exiv2:0.5
Exiv2 » Exiv2 » Version: 0.6

cpe:2.3:a:exiv2:exiv2:0.6
Exiv2 » Exiv2 » Version: 0.6.1

cpe:2.3:a:exiv2:exiv2:0.6.1
Exiv2 » Exiv2 » Version: 0.6.2

cpe:2.3:a:exiv2:exiv2:0.6.2
Exiv2 » Exiv2 » Version: 0.7

cpe:2.3:a:exiv2:exiv2:0.7
Exiv2 » Exiv2 » Version: 0.8

cpe:2.3:a:exiv2:exiv2:0.8
Exiv2 » Exiv2 » Version: 0.9

cpe:2.3:a:exiv2:exiv2:0.9
Exiv2 » Exiv2 » Version: 0.9.1

cpe:2.3:a:exiv2:exiv2:0.9.1
Fedoraproject » Fedora » Version: 33

cpe:2.3:o:fedoraproject:fedora:33
Fedoraproject » Fedora » Version: 34

cpe:2.3:o:fedoraproject:fedora:34

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-37616

Products

Pricing

Contact Us