The libexif packages provide a library for extracting extra information from image files.
The following packages have been upgraded to a later upstream version: libexif (0.6.22). (BZ#1841316)
libexif: out of bound write in exif-data.c (CVE-2019-9278)
libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c (CVE-2020-0093)
libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free (CVE-2020-13113)
libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time (CVE-2020-13114)
libexif: out of bounds read due to a missing bounds check in exif_entry_get_value function in exif-entry.c (CVE-2020-0182)
libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c (CVE-2020-12767)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.