Vulnerabilities > CVE-2021-21235 - Infinite Loop vulnerability in Kamadak-Exif Project Kamadak-Exif 0.5.2

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
kamadak-exif-project
CWE-835

Summary

kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version 0.5.3. No workaround is available. Applications that do not pass files with the PNG signature to Reader::read_from_container are not affected.

Vulnerable Configurations

Part Description Count
Application
Kamadak-Exif_Project
1