rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/kamadak-exif/RUSTSEC-2021-0143.md
github-actions[bot] 71a03d5759 Assigned RUSTSEC-2021-0143 to kamadak-exif (#1413) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-09-08 20:52:02 +10:00

655 B
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2021-0143"
package = "kamadak-exif"
date = "2021-01-04"
url = "https://github.com/kamadak/exif-rs/commit/1b05eab57e484cd7d576d4357b9cda7fdc57df8c"
categories = ["denial-of-service"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
keywords = ["untrusted-data", "dos"]
aliases = ["CVE-2021-21235", "GHSA-px9g-8hgv-jvg2"]

[affected]
functions = { "kamadak_exif::Reader::read_from_container" = [">= 0.5.2, < 0.5.3"] }

[versions]
patched = [">= 0.5.3"]
unaffected = ["< 0.5.2"]

kamadak-exif DoS with untrusted PNG data

Attacker crafted data can cause a infinite loop leading to DoS if used with untrusted data.