CVE Vulnerabilities

CVE-2021-27815

NULL Pointer Dereference

Published: Apr 14, 2021 | Modified: May 21, 2021
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.5 LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu

NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Exif Libexif_project * 0.6.22
Exif Ubuntu devel *
Exif Ubuntu groovy *
Exif Ubuntu hirsute *
Exif Ubuntu impish *
Exif Ubuntu jammy *
Exif Ubuntu trusty *

Potential Mitigations

References