Moderate severity · NVD Advisory · Published Jan 6, 2021 · Updated Aug 3, 2024
Infinite loop in parsing PNG files in
CVE-2021-21235
Description
kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version 0.5.3. No workaround is available. Applications that do not pass files with the PNG signature to Reader::read_from_container are not affected.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| kamadak-exif (crates.io) | >= 0.5.2, < 0.5.3 | 0.5.3 |
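
An added example, not code from the advisory or from the kamadak-exif project: a std-only Rust check that scans `Cargo.lock` text and reports whether kamadak-exif is pinned inside the affected range in the table above. The sample lockfile and all function names are constructed for illustration, and pre-release or build suffixes on a version are ignored as a simplifying assumption.

```rust
// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "image-tool"
version = "1.0.0"

[[package]]
name = "kamadak-exif"
version = "0.5.2"
"#;

/// Parse "MAJOR.MINOR.PATCH"; a -pre or +build suffix is ignored (assumption).
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

/// True when the version falls in the advisory's range: >= 0.5.2, < 0.5.3.
fn is_affected(v: &str) -> bool {
    matches!(parse_version(v), Some(t) if t >= (0, 5, 2) && t < (0, 5, 3))
}

/// Extract the quoted value of a `key = "value"` lockfile line.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?.trim();
    rest.strip_prefix('"')?.strip_suffix('"')
}

/// Every version of `krate` recorded in the lockfile text.
fn locked_versions(lock: &str, krate: &str) -> Vec<String> {
    let (mut found, mut in_target) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            in_target = false; // a new package entry starts
        } else if let Some(n) = field(line, "name") {
            in_target = n == krate;
        } else if let Some(v) = field(line, "version") {
            if in_target { found.push(v.to_string()); }
        }
    }
    found
}

fn main() {
    for v in locked_versions(SAMPLE_LOCK, "kamadak-exif") {
        let verdict = if is_affected(&v) { "AFFECTED, upgrade to 0.5.3" } else { "ok" };
        println!("kamadak-exif {}: {}", v, verdict);
    }
}
```
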
References
- github.com/advisories/GHSA-px9g-8hgv-jvg2 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-21235 (advisory)
- crates.io/crates/kamadak-exif (web)
- github.com/kamadak/exif-rs/commit/1b05eab57e484cd7d576d4357b9cda7fdc57df8c (web)
- github.com/kamadak/exif-rs/commit/f21df24616ea611c5d5d0e0e2f8042eb74d5ff48 (web)
- github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2 (confirmation)
- rustsec.org/advisories/RUSTSEC-2021-0143.html (web)