7 matches found
CVE-2020-13112
Concisely: CVE-2020-13112 affects libexif prior to 0.6.22, caused by several buffer over-reads in EXIF MakerNote handling that could lead to information disclosure and crashes. Multiple connected advisories (ALAS2-2020-1523/1393, ALAS-2020-1443, CESA/CentOS/RH advisories, Debian LTS) corroborate ...
CVE-2020-0093
CVE-2020-0093 is a libexif vulnerability affecting Android 8.x–10, where a missing bounds check in exif_data_save_data_entry can cause an out-of-bounds read, leading to local information disclosure. The issue arises from an insufficient bounds check in exif-data.c; exploit requires user interacti...
CVE-2020-13113
The CVE-2020-13113 issue affects libexif up to version 0.6.22. The root cause is use of uninitialized memory in EXIF Makernote handling, which could cause crashes and potential use-after-free conditions. The connected advisories confirm this as a vulnerability in libexif with impacts including cr...
CVE-2016-6328
CVE-2016-6328 affects the libexif library, where an integer overflow during parsing of the MNOTE entry data in input files can lead to Denial-of-Service and Information Disclosure (including sensitive heap data). Public remediation exists: Debian LTS fixed in libexif 0.6.21-2+deb8u2; Cloud Foundr...
CVE-2020-13114
CVE-2020-13114 affects libexif up to version 0.6.21, where an unrestricted size in handling Canon EXIF MakerNote data can cause excessive compute time during EXIF decoding (DoS). Affected component: libexif (exif-data.c/maker-note handling). Impact described across multiple advisories: potential ...
CVE-2020-0198
The CVE-2020-0198 entry concerns the libexif library used on Android-10. The issue is in exif_data_load_data_content of exif-data.c, where an integer overflow can trigger a UBSAN abort, potentially enabling remote denial of service with no additional execution privileges. Exploitation requires us...
CVE-2020-0181
CVE-2020-0181 affects libexif: the DoS is due to an integer overflow in exif_data_load_data_thumbnail within exif-data.c. The Nessus/NVD data describe remote denial of service with network access and no user interaction. Multiple advisories (Unity Linux, MiracleLinux, SUSE, Red Hat) reference thi...