The vulnerability of the exif_entry_get_value() function in the exif-entry.c component of the Libexif library for EXIF-file parsing allows a hacker to access confidential data and cause service interruptions. This vulnerability is related to reading beyond the allowed buffer size.

🗓️ 30 Sep 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

Exif entry value vulnerability allows reading beyond buffer, risking data leakage and service disruption.

Reporter	Title	Published	Views	Family All 56
Tenable Nessus	Amazon Linux 2 : libexif (ALAS-2020-1523)	28 Oct 202000:00	–	nessus
Tenable Nessus	CentOS 8 : libexif (CESA-2020:4766)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 7 : libexif (RHSA-2020:4040)	20 Oct 202000:00	–	nessus
Tenable Nessus	Debian DLA-2249-1 : libexif security update	17 Jun 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : libexif (EulerOS-SA-2021-1315)	22 Feb 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : libexif (EulerOS-SA-2021-1809)	30 Apr 202100:00	–	nessus
Tenable Nessus	MiracleLinux 7 : libexif-0.6.22-1.el7 (AXSA:2020-584:04)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 8 : libexif-0.6.22-4.el8 (AXSA:2021-1093:01)	20 Jan 202600:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.04 / MAIN 5.04 : libexif Multiple Vulnerabilities (NS-SA-2021-0036)	10 Mar 202100:00	–	nessus
Tenable Nessus	NewStart CGSL MAIN 6.02 : libexif Multiple Vulnerabilities (NS-SA-2021-0068)	10 Mar 202100:00	–	nessus

Source	Link
github	www.github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-0182
security-tracker	www.security-tracker.debian.org/tracker/CVE-2020-0182
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
web	www.web.nvd.nist.gov/view/vuln/detail

30 Sep 2024 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 26.4

CVSS 36.5

EPSS0.01106

image metadata vulnerability buffer overread data leakage risk service disruption