CVE-2021-3482
Description
RHSA-2021:4173: exiv2 security, bug fix, and enhancement update (Moderate)
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description exiv2: Heap-based buffer overflow in Jp2Image::readMetadata() CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8exiv2-0:0.27.4-5.el8RHSA-2021:41732021-11-09T00:00:00Z Package state ProductPackageState Red Hat Enterprise Linux 6exiv2Out of support scope Red Hat Enterprise Linux 7exiv2Out ofโฆ
Description
exiv2: Heap-based buffer overflow in Jp2Image::readMetadata()
CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | exiv2-0:0.27.4-5.el8 | RHSA-2021:4173 | 2021-11-09T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | exiv2 | Out of support scope |
| Red Hat Enterprise Linux 7 | exiv2 | Out of support scope |
| Red Hat Enterprise Linux 9 | exiv2 | Not affected |
Apply commands
yum update -y exiv2
# or:
dnf upgrade -y exiv2Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 9 | Not affected |
OS impact
Arch Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Fixed | 0.27.4-1 |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 0.27.5-1 |
| sid | Fixed | 0.27.5-1 |
| forky | Fixed | 0.27.5-1 |
| bullseye | Fixed | 0.27.3-3+deb11u2 |
| bookworm | Fixed | 0.27.5-1 |
Red Hat Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | โ |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | โ |
References
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.