Lucene search

Gentoo FoundationMGASA-2020-0426

HistoryNov 15, 2020 - 6:45 p.m.

Updated libexif packages fix a security vulnerability

2020-11-1518:45:05

Gentoo Foundation

advisories.mageia.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.7%

JSON

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2020-0452)

OSVersionArchitecturePackageVersionFilename
Mageia7noarchlibexif< 0.6.22-1.2libexif-0.6.22-1.2.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	libexif	< 0.6.22-1.2	libexif-0.6.22-1.2.mga7

References

bugs.mageia.org/show_bug.cgi?id=27592

ubuntu.com/security/notices/USN-4624-1

www.debian.org/security/2020/dsa-4786

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for MGASA-2020-0426