Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-3482

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

Related bugs and status

CVE-2021-3482 (Candidate) is related to these bugs:

Bug #1923479: out of buffer access and Integer overflow in Exiv2

Summary				In	Importance	Status
	1923479	out of buffer access and Integer overflow in Exiv2		exiv2 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
FEDORA: FEDORA-2021-10d7331a31
FEDORA: FEDORA-2021-be94728b95
DEBIAN: DSA-4958
MLIST: [debian-lts-announce] ...