CVE-2021-27815

Name
CVE-2021-27815
Description
NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://github.com/libexif/exif/issues/4
Patch https://github.com/libexif/exif/commit/eb84b0e3c5f2a86013b6fcfb800d187896a648fa
Patch https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSWAXZVNXYLV3E4R6YQTEGRGMGWEAR76/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZQ3L45F7S7PQPG5HEHXOCGNOO64MJOS/
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMC6OTXZRPCUD3LOSWO4ISR7CH7NJQDT/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libexif_project:exif:*:*:*:*:*:*:*:* exif >= None <= 0.6.22

Vulnerable and fixed packages

Source package Branch Version Maintainer Status