【安全公告:UTSA-2023-000161】-【CVE-2021-37621】

发布日期:2023-01-19

基本信息

漏洞编号: CVE-2021-37621

受影响系统版本: 服务器D版

受影响源码包: exiv2

修复版本: 0.25.8-deepin1

CWE编号: CWE-835

漏洞等级: 中危

CVSS_v3评分: 5.5

漏洞描述

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.

修复方式

sudo apt update && sudo apt dist-upgrade

是否受影响判断

判断方法:apt policy PackageName
结果说明:版本小于修复版本,则受此漏洞影响,版本大于等于修复版本,则此漏洞已修复。

补丁链接

暂无