Vulnerabilities > CVE-2021-21235 - Infinite Loop vulnerability in Kamadak-Exif Project Kamadak-Exif 0.5.2

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

kamadak-exif-project

CWE-835

NVD

Published: 2021-01-06

Updated: 2022-10-19

Summary

kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version 0.5.3. No workaround is available. Applications that do not pass files with the PNG signature to Reader::read_from_container are not affected.

Vulnerable Configurations

Part	Description	Count
Application	Kamadak-Exif_Project Kamadak Exif Project Kamadak Exif 0.5.2	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References