1958807 – (CVE-2021-27815) CVE-2021-27815 libexif: NULL Pointer Deference may lead to DoS by uploading a malicious JPEG file

Bug 1958807 (CVE-2021-27815) - CVE-2021-27815 libexif: NULL Pointer Deference may lead to DoS by uploading a malicious JPEG file

Summary: CVE-2021-27815 libexif: NULL Pointer Deference may lead to DoS by uploading a...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2021-27815
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1958808 1958809
Blocks:	1958810
TreeView+	depends on / blocked

Reported:	2021-05-10 08:06 UTC by Marian Rehak
Modified:	2021-05-17 09:37 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-05-17 09:35:13 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2021-05-10 08:06:29 UTC

NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file.

Upstream Reference:

https://github.com/libexif/exif/issues/4

Comment 1 Marian Rehak 2021-05-10 08:07:41 UTC

Created exif tracking bugs for this issue:

Affects: fedora-all [bug 1958808]


Created libexif tracking bugs for this issue:

Affects: fedora-all [bug 1958809]

Comment 2 Stefan Cornelius 2021-05-17 09:37:31 UTC

Patch:
https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c

Note You need to log in before you can comment on or make changes to this bug.