{"id":"CVE-2021-29464","details":"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.","modified":"2026-04-02T06:49:39.304918Z","published":"2021-04-30T19:15:07.187Z","related":["ALSA-2021:4173","GHSA-jgm9-5fw5-pw9p","MGASA-2021-0240"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDMZTVQAZSMLPTDVDYLBHAAF7I5QXVYQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3HKXR6JOVKMBE4HY4FDXNVZGNCQG6T3/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202312-06"},{"type":"ADVISORY","url":"https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p"},{"type":"FIX","url":"https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/exiv2/exiv2","events":[{"introduced":"0"},{"fixed":"15098f4ef50cc721ad0018218acab2ff06e60beb"},{"fixed":"f9308839198aca5e68a65194f151a1de92398f54"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.27.4"}]}}],"versions":["0.27","0.27-RC2","0.27-RC3","0.27.1","v0.10","v0.11","v0.12","v0.13","v0.14","v0.15","v0.16","v0.16-pre1","v0.17","v0.17.1","v0.18","v0.18-pre1","v0.18-pre2","v0.18.1","v0.18.2","v0.19","v0.20","v0.21","v0.21.1","v0.22","v0.23","v0.23.1","v0.24","v0.25","v0.26","v0.27-RC1","v0.27.0","v0.27.1","v0.27.1-RC1","v0.27.2","v0.27.2-RC1","v0.27.2-RC2","v0.27.2-RC3","v0.27.3","v0.27.3-RC1","v0.27.3-RC2","v0.27.4-RC1","v0.27.4-RC2","v0.27.4-RC3","v0.3","v0.4","v0.5","v0.6","v0.6.1","v0.6.2","v0.7","v0.8","v0.9","v0.9.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29464.json","vanir_signatures":[{"signature_type":"Line","source":"https://github.com/exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54","digest":{"line_hashes":["323728222833538923038944730393132703934","24749543631507264723746914446195151479","76802448304416166379448936806878801315","234957559214220615582122127754102325495","275450592817794157285816532393627859209","87670471384412651251321462646562134881","114497833031464664794866836019212823344","115324630711529566996375131005995028801","115588095376320194610437193210480108975","161802120353393359573629174985040623209","78886350060633755983035439595702394","50161156128312907545539673432889024690","52588574467330224408576858640562188721","103350852771569627785933163969062514890","291787656159276189544876712387029726223","303134045822942712871844582524794431568","323201933430005402075719111048790072190","90026066209195267352953936172543050696","241196500115797223576545330965582388403","242525065048684870948914503761593069582","116436437810386455374749867256768513321","133702476651164271979726261909386052591","70555295058522195116472804523663574236","174067505862308538886067349865241686217","239111711937241339327911470879130231556","143397300216908999081310858062271806749","114950416085279614966063287613211851319","154802448534375716299749512657983733829","180768494370747544339887021743852714073","224287473853457600596126537646514404550"],"threshold":0.9},"target":{"file":"src/jp2image.cpp"},"signature_version":"v1","deprecated":false,"id":"CVE-2021-29464-55b6959c"},{"signature_type":"Function","source":"https://github.com/exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54","digest":{"length":2286,"function_hash":"337158091193550846272945469042916636495"},"target":{"function":"Jp2Image::encodeJp2Header","file":"src/jp2image.cpp"},"signature_version":"v1","deprecated":false,"id":"CVE-2021-29464-8d5dbd5c"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}