CVEs-PoC/2021/CVE-2021-21235.md

### [CVE-2021-21235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21235)
![](https://img.shields.io/static/v1?label=Product&message=exif-rs&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%200.5.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brightgreen)

### Description

kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version 0.5.3. No workaround is available. Applications that do not pass files with the PNG signature to Reader::read_from_container are not affected.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Artisan-Lab/Rust-memory-safety-bugs