Fluid Attacks Database

Description

A flaw was found in exiv2. A flawed bounds checking in the jp2Image.cpp:doWriteMetadata function leads to a heap-based buffer overflow. This flaw allows an attacker who can provide a malicious image to an application using the exiv2 library, to write data out of bounds and potentially execute code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	exiv2	-	-
rpm rhel8.2	compat-exiv2-026	<0:0.26-4.el8_2	0:0.26-4.el8_2
rpm rhel8	compat-exiv2-026	<0:0.26-4.el8_4	0:0.26-4.el8_4
rpm rhel7	compat-exiv2-023	<0:0.23-2.el7_9	0:0.23-2.el7_9
rpm rhel7	compat-exiv2-026	<0:0.26-3.el7_9	0:0.26-3.el7_9
rpm rhel7	exiv2	<0:0.27.0-4.el7_8	0:0.27.0-4.el7_8
rpm rhel8	exiv2	<0:0.27.3-3.el8_4	0:0.27.3-3.el8_4
rpm rhel8.1	exiv2	<0:0.26-11.el8_1	0:0.26-11.el8_1
rpm rhel8.2	exiv2	<0:0.27.2-6.el8_2	0:0.27.2-6.el8_2

Aliases

1. CVE-2021-312912. NVD-2021-312913. OSV-2021-31291

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.