CVE-2021-34335 — Divide By Zero in Exiv2

CWE-369 — Divide By Zero7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 77.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2 Fedoraproject Fedora +3 more

Timeline

PublishedAug 9

Latest updateAug 17

Description

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this b…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

▶debiandebian/exiv2< exiv2 0.27.5-1 (bookworm)

▶Debianexiv2/exiv2< 0.27.3-3+deb11u2+3

▶Ubuntuexiv2/exiv2< 0.25-3.1ubuntu0.18.04.11+2

▶NVDexiv2/exiv20.27.4

▶msrcmsrc/cbl2_exiv2_0.27.5-1_on_cbl_mariner_2.0

Also affects: Fedora 33, 34

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

exiv2 vulnerabilities↗2021-08-17

▶

OSV

CVE-2021-34335: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files↗2021-08-09

▶

📋Vendor Advisories

Ubuntu

Exiv2 vulnerabilities↗2021-08-17

▶

Microsoft

Denial of service due to FPE in Exiv2::Internal::resolveLens0xffff↗2021-08-10

▶

Red Hat

exiv2: DoS due to FPE in Exiv2::Internal::resolveLens0xffff↗2021-08-08

▶

Debian

CVE-2021-34335: exiv2 - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, ...↗2021

▶