Bug 1961691 (CVE-2021-32617)
| Field | Value |
|---|---|
| Summary | CVE-2021-32617 exiv2: DoS due to quadratic complexity in ProcessUTF8Portion |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Guilherme de Almeida Suckevicz <gsuckevi> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | low |
| Priority | low |
| Version | unspecified |
| CC | jgrulich, manisandro, michel, rdieter |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Fixed In Version | exiv2 0.27.4 |
| Doc Type | If docs needed, set a value |
| Doc Text | There's a flaw in the xmpsdk component shipped with exiv2. An attacker who is able to submit a crafted file to be processed by an application linked with the exiv2 library could cause an excessive consumption of resources, potentially leading to denial of service. The greatest impact of this flaw is to system availability. |
| Last Closed | 2021-11-02 23:31:45 UTC |
| Bug Depends On | 1961692, 1961693, 1964188, 1964189, 1964190 |
| Bug Blocks | 1961694 |

Description
Guilherme de Almeida Suckevicz
2021-05-18 13:57:14 UTC

Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1961692]

Created mingw-exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1961693]

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4173 https://access.redhat.com/errata/RHSA-2021:4173