CVE-2021-27815 — NULL Pointer Dereference in Exif

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 56.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exif Debian Exif Libexif Project Exif +1 more

Timeline

PublishedApr 14

Latest updateMay 24

Description

NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/exif< exif 0.6.22-3 (bookworm)

▶Debianexif/exif< 0.6.22-3+2

▶NVDlibexif_project/exif0.6.22

Also affects: Fedora 32, 33, 34

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-f35c-rqpm-6c5v: NULL Pointer Deference in the "actions↗2022-05-24

▶

OSV

CVE-2021-27815: NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0↗2021-04-14

▶

📋Vendor Advisories

Red Hat

libexif: NULL Pointer Deference may lead to DoS by uploading a malicious JPEG file↗2021-02-25

▶

Debian

CVE-2021-27815: exif - NULL Pointer Deference in the exif command line tool, when printing out XML form...↗2021

▶