Use of Uninitialized Resource

CVE-2021-29623

Low

3.3/10

Summary

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in exiv2 versions through 0.27.4-RC2. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-908 - Use of Uninitialized Resource

The software uses or accesses a resource that has not been initialized.

References

Advisory
Pull request

Advisory Timeline

Published Dec 22, 2023

Use of Uninitialized Resource

CVE-2021-29623

Summary

CWE-908 - Use of Uninitialized Resource

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS