The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Exiv2: denial of service via Image Metadata

Synthesis of the vulnerability 

An attacker can trigger a fatal error in Exiv2 via image metadata, causing a denial of service.
Impacted systems: Fedora, Ubuntu.
Severity of this alert: 1/4.
Creation date: 25/05/2021.
References of this alert: CVE-2021-32617, FEDORA-2021-8253c78bd7, FEDORA-2021-8917c5d9d2, FEDORA-2021-bdba47348c, FEDORA-2021-d1d5a0bf0f, USN-4964-1, VIGILANCE-VUL-35525.

Description of the vulnerability 

An attacker can trigger a fatal error in Exiv2 via image metadata, causing a denial of service.

This vulnerability affects software or systems such as Fedora and Ubuntu.

Our Vigil@nce team determined that the severity of this cybersecurity vulnerability is low.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Fedora 33-34: new mingw-exiv2 packages.
New packages are available:
  Fedora 33: mingw-exiv2 0.27.3-6.fc33
  Fedora 34: mingw-exiv2 0.27.3-6.fc34

Fedora 33: new exiv2 packages.
New packages are available:
  Fedora 33: exiv2 0.27.3-7.fc33

Fedora 34: new exiv2 packages.
New packages are available:
  Fedora 34: exiv2 0.27.3-7.fc34

Ubuntu: new exiv2 packages.
New packages are available:
  Ubuntu 21.04: exiv2 0.27.3-3ubuntu1.3, libexiv2-27 0.27.3-3ubuntu1.3
  Ubuntu 20.10: exiv2 0.27.3-3ubuntu0.4, libexiv2-27 0.27.3-3ubuntu0.4
  Ubuntu 20.04 LTS: exiv2 0.27.2-8ubuntu2.4, libexiv2-27 0.27.2-8ubuntu2.4
  Ubuntu 18.04 LTS: exiv2 0.25-3.1ubuntu0.18.04.9, libexiv2-14 0.25-3.1ubuntu0.18.04.9
  Ubuntu 16.04 ESM: exiv2 0.25-2.1ubuntu16.04.7+esm2, libexiv2-14 0.25-2.1ubuntu16.04.7+esm2