CVE-2021-27815

MEDIUM
Published Apr 14, 2021 (5y ago) · Modified Jun 17, 2026 (2w ago)
5.5 CVSS 3.1

Description

NULL Pointer Dereference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 4

Vendor           Product  Version  Range
libexif_project  exif     *        ≤0.6.22
fedoraproject    fedora   32       any
fedoraproject    fedora   33       any
fedoraproject    fedora   34       any

References 7

  • github.com https://github.com/libexif/exif/commit/eb84b0e3c5f2a86013b6fcfb800d187896a648fa
    Patch, Third Party Advisory
  • github.com https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c
    Patch, Third Party Advisory
  • github.com https://github.com/libexif/exif/issues/4
    Exploit, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSWAXZVNXYLV3E4R6YQTEGRGMGWEAR76/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMC6OTXZRPCUD3LOSWO4ISR7CH7NJQDT/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZQ3L45F7S7PQPG5HEHXOCGNOO64MJOS/
  • security.gentoo.org https://security.gentoo.org/glsa/202210-28
    Third Party Advisory

Remediation

  • github.com https://github.com/libexif/exif/commit/eb84b0e3c5f2a86013b6fcfb800d187896a648fa
    Patch, Third Party Advisory
  • github.com https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c
    Patch, Third Party Advisory