Package        : libexif
Version        : 0.6.21-2+deb8u3
CVE ID         : CVE-2018-20030 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114
Debian Bug     : 918730 961407 961409 961410


Various minor vulnerabilities have been addredd in libexif, a library to
parse EXIF metadata files.

CVE-2018-20030

    This issue had already been addressed via DLA-2214-1. However, upstream
    provided an updated patch, so this has been followed up on.

CVE-2020-13112

    Several buffer over-reads in EXIF MakerNote handling could have lead
    to information disclosure and crashes. This issue is different from
    already resolved CVE-2020-0093.

CVE-2020-13113

    Use of uninitialized memory in EXIF Makernote handling could have
    lead to crashes and potential use-after-free conditions.

CVE-2020-13114

    An unrestricted size in handling Canon EXIF MakerNote data could have
    lead to consumption of large amounts of compute time for decoding
    EXIF data.

For Debian 8 "Jessie", these problems have been fixed in version
0.6.21-2+deb8u3.

We recommend that you upgrade your libexif packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-- 

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, https://sunweavers.net/

Debian LTS: DLA-2222-1: libexif security update

May 28, 2020
Various minor vulnerabilities have been addredd in libexif, a library to parse EXIF metadata files

Summary



Various minor vulnerabilities have been addredd in libexif, a library to
parse EXIF metadata files.

CVE-2018-20030

This issue had already been addressed via DLA-2214-1. However, upstream
provided an updated patch, so this has been followed up on.

CVE-2020-13112

Several buffer over-reads in EXIF MakerNote handling could have lead
to information disclosure and crashes. This issue is different from
already resolved CVE-2020-0093.

CVE-2020-13113

Use of uninitialized memory in EXIF Makernote handling could have
lead to crashes and potential use-after-free conditions.

CVE-2020-13114

An unrestricted size in handling Canon EXIF MakerNote data could have
lead to consumption of large amounts of compute time for decoding
EXIF data.

For Debian 8 "Jessie", these problems have been fixed in version
0.6.21-2+deb8u3.

We recommend that you upgrade your libexif packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, https://sunweavers.net/



Severity 
Package        : libexif
Version : 0.6.21-2+deb8u3
CVE ID : CVE-2018-20030 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114
Debian Bug : 918730 961407 961409 961410

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved