Bug 1188756 - (CVE-2021-31292) VUL-1: CVE-2021-31292: exiv2: An integer overflow in CrwMap:encode0x1810 allows attackers to trigger a heap-based buffer overflow and cause a denial of service via crafted metadata.
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P5 - None : Minor
Target Milestone: ---
Assigned To: Dirk Mueller
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/305175/
Reported: 2021-07-27 14:57 UTC by Robert Frohl
Modified: 2022-09-28 16:21 UTC
Found By: Security Response Team


Description Robert Frohl 2021-07-27 14:57:11 UTC
CVE-2021-31292

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to
trigger a heap-based buffer overflow and cause a denial of service (DOS) via
crafted metadata.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31292
https://github.com/Exiv2/exiv2/issues/1530
Comment 1 Robert Frohl 2021-07-27 15:04:43 UTC
Does not affect any version of SLE and already fixed in openSUSE:Factory, closing.