K48355112: PHP vulnerability CVE-2018-10549

Security Advisory Description An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exifreaddata in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exifiifaddvalue mishandles the case of a MakerNote that lacks a fin...

SUSE CVE-2018-10549

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exifreaddata in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exifiifaddvalue mishandles the case of a MakerNote that lacks a final '\0' character...

SUSE CVE-2020-13112

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093...

SUSE CVE-2020-13113

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions...

SUSE CVE-2020-13114

An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data...

RLSA-2022:1842 Moderate: exiv2 security, bug fix, and enhancement update

Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. The following packages have been upgraded to ...

jhead 安全漏洞

jhead is a tool for modifying information in JPEG files. A security vulnerability exists in makernote.c in jhead versions 3.04 and 3.05. No information about the vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...

CVE-2021-28276

CVE-2021-28276 affects jhead 3.04 and 3.05; DoS via a wild address read in ProcessCanonMakerNoteDir (makernote.c). Impact: availability degradation. Mitigation: upgrade to jhead 3.06+ (per GLSA/Ubuntu advisories). No exploitation details provided in the sources; no further specifics beyond the ci...

OESA-2021-1286 libexif security update

Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags. Security Fixes: An issue was discovered in libexif before 0.6.22. Use of uninitialized memor...

NewStart CGSL CORE 5.04 / MAIN 5.04 : libexif Multiple Vulnerabilities (NS-SA-2021-0036)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libexif packages installed that are affected by multiple vulnerabilities: - In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media...

libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time

An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data...

libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions...

Huawei EulerOS: Security Advisory for libexif (EulerOS-SA-2020-2356)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2 : libexif (ALAS-2020-1523)

The version of libexif installed on the remote host is prior to 0.6.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1523 advisory. In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of...

Oracle Linux 7 : libexif (ELSA-2020-4040)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4040 advisory. 0.6.22-1 - Upgrade to 0.6.22 - Resolves: 1841316 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

Denial Of Service (DoS)

libexif is vulnerable to denial of service. Unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time and a potential application crash...

libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time

An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data...

libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions...

EulerOS 2.0 SP3 : libexif (EulerOS-SA-2020-2142)

According to the versions of the libexif package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - exifentrygetvalue in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.CVE-2020-12767 - An issue was discovered in libexif before 0.6.22...

EulerOS 2.0 SP5 : libexif (EulerOS-SA-2020-1923)

According to the versions of the libexif package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large...