Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Mageia: 2020-0238 Moderate: Libexif Out Of Bounds Access

mageia
Calendar Grey May 27, 2020
Dist Mageia Esm H88
Mageia has rolled out enhancements to libexif addressing significant vulnerabilities that could allow local data leaks. Discover the ramifications now.
The updated packages fix a security vulnerability: In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check

Summary

The updated packages fix a security vulnerability:
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. (CVE-2020-0093)
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error (CVE-2020-12767).
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes (CVE-2020-13112).
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions (CVE-2020-13113).
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data (CVE-2020-13114).
The libexi...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26650

- https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html

- https://github.com/libexif/libexif/blob/libexif-0_6_22-release/NEWS

- https://github.com/libexif/exif/blob/exif-0_6_22-release/NEWS

- https://www.cve.org/CVERecord?id=CVE-2020-0093

- https://www.cve.org/CVERecord?id=CVE-2020-13112

- https://www.cve.org/CVERecord?id=CVE-2020-13113

- https://www.cve.org/CVERecord?id=CVE-2020-13114

Topics%20covered

Topics Covered

security advisory local access information disclosure out of bounds libexif Mageia

Resolution

SRPMS

- 7/core/libexif-0.6.22-1.mga7

- 7/core/exif-0.6.22-1.mga7

Publication date: 27 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0238.html
Type: security
CVE: CVE-2020-0093, CVE-2020-13112, CVE-2020-13113, CVE-2020-13114

Topics%20covered

Topics Covered

security advisory local access information disclosure out of bounds libexif Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here