--- b/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,59 @@ + + Exiv2 -- Multiple vulnerabilities + + + exiv2 + 0.27.4 + + + + +

Exiv2 teams reports:

+
+

Multiple vulnerabilities covering buffer overflows, out-of-bounds, + read of uninitialized memory and denial of serivce. The heap + overflow is triggered when Exiv2 is used to read the metadata of + a crafted image file. An attacker could potentially exploit the + vulnerability to gain code execution, if they can trick the victim + into running Exiv2 on a crafted image file. The out-of-bounds read + is triggered when Exiv2 is used to write metadata into a crafted + image file. An attacker could potentially exploit the vulnerability + to cause a denial of service by crashing Exiv2, if they can trick + the victim into running Exiv2 on a crafted image file. The read of + uninitialized memory is triggered when Exiv2 is used to read the + metadata of a crafted image file. An attacker could potentially + exploit the vulnerability to leak a few bytes of stack memory, if + they can trick the victim into running Exiv2 on a crafted image + file.

+
+ +
+ + CVE-2021-29457 + https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm + CVE-2021-29458 + https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5 + CVE-2021-29463 + https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr + CVE-2021-29464 + https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p + CVE-2021-29470 + https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj + CVE-2021-29473 + https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2 + CVE-2021-29623 + https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v + CVE-2021-32617 + https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj + CVE-2021-3482 + https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jp9-m3fv-2vg9 + + + 2021-04-25 + 2021-06-30 + +
+ RabbitMQ -- Denial of Service via improper input validation
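Review bot: The description text of the new Exiv2 entry has two typos and one broken list item. "Exiv2 teams reports:" should be "Exiv2 team reports:", "denial of serivce" should be "denial of service", and in "buffer overflows, out-of-bounds, read of uninitialized memory" the second item has no noun; "out-of-bounds reads" would match the later sentence "The out-of-bounds read is triggered when Exiv2 is used to write metadata". The body also describes only three issues (heap overflow, out-of-bounds read, read of uninitialized memory) while the references list nine CVE and advisory pairs, so either keep just the summary sentence or state which advisories the quoted paragraphs are taken from. The affected range shows a single version, 0.27.4, and the element markup is not visible in this rendering, so please confirm the comparison operator on it matches the first fixed release.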