Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2020:1553-1 Moderate: Resolutions for libexif Vulnerabilities

suse
Calendar Grey June 8, 2020
Dist Suse Esm H88
SUSE has released a security update for libexif addressing 9 vulnerabilities, which include denial-of-service and integer-related issues impacting overall security.
An update that fixes 9 vulnerabilities is now available

Summary

This update for libexif to 0.6.22 fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory

Topics%20covered

Topics Covered

security advisory moderate denial of service integer overflow SUSE out-of-bounds read libexif

References

#1055857 #1059893 #1120943 #1160770 #1171475

#1171847 #1172105 #1172116 #1172121

Cross- CVE-2016-6328 CVE-2017-7544 CVE-2018-20030

CVE-2019-9278 CVE-2020-0093 CVE-2020-12767

CVE-2020-13112 CVE-2020-13113 CVE-2020-13114

Affected Products:

SUSE Linux Enterprise Module for Desktop Applications 15-SP1

https://www.suse.com/security/cve/CVE-2016-6328.html

https://www.suse.com/security/cve/CVE-2017-7544.html

https://www.suse.com/security/cve/CVE-2018-20030.html

https://www.suse.com/security/cve/CVE-2019-9278.html

https://www.suse.com/security/cve/CVE-2020-0093.html

https://www.suse.com/security/cve/CVE-2020-12767.html

https://www.suse.com/security/cve/CVE-2020-13112.html

https://www.suse.com/security/cve/CVE-2020-13113.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:1553-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate denial of service integer overflow SUSE out-of-bounds read libexif

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here