RUSTSEC-2021-0143

kamadak-exif DoS with untrusted PNG data

Reported
Issued
Package
kamadak-exif (crates.io)
Type
Vulnerability
Categories
Keywords
#untrusted-data #dos
Aliases
References
CVSS Score
6.5 MEDIUM
CVSS Details
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Patched
  • >=0.5.3
Unaffected
  • <0.5.2
Affected Functions
Version
kamadak_exif::Reader::read_from_container
  • >=0.5.2, <0.5.3

Description

Attacker-crafted data can cause an infinite loop, leading to DoS, if the crate is used with untrusted data.

Advisory available under CC0-1.0 license.