VIR Vulnerability Intelligence Relay

CVE-2021-37620

low
Published — · Modified —
CVSS v3
CVSS v2
VIR risk
2.5

Description

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2021-37620.html

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-37620

OS impact
OSVersionStatusFixed in
arch archfixed0.27.5-1
debian debianbookwormfixed0.27.5-1
debian debianbullseyefixed0.27.3-3+deb11u2
debian debianforkyfixed0.27.5-1
debian debiansidfixed0.27.5-1
debian debiantrixiefixed0.27.5-1
suse slesaffected

References

Verify integrity in audit chain (admin only). AS-IS.