Lucene search
K

7 matches found

CVE
CVE
added 2020/05/21 3:56 p.m.449 views

CVE-2020-13112

Concisely: CVE-2020-13112 affects libexif prior to 0.6.22, caused by several buffer over-reads in EXIF MakerNote handling that could lead to information disclosure and crashes. Multiple connected advisories (ALAS2-2020-1523/1393, ALAS-2020-1443, CESA/CentOS/RH advisories, Debian LTS) corroborate ...

9.1CVSS6.8AI score0.02684EPSS
CVE
CVE
added 2020/05/14 8:10 p.m.412 views

CVE-2020-0093

CVE-2020-0093 is a libexif vulnerability affecting Android 8.x–10, where a missing bounds check in exif_data_save_data_entry can cause an out-of-bounds read, leading to local information disclosure. The issue arises from an insufficient bounds check in exif-data.c; exploit requires user interacti...

5CVSS6AI score0.00301EPSS
CVE
CVE
added 2020/05/21 4:3 p.m.406 views

CVE-2020-13113

The CVE-2020-13113 issue affects libexif up to version 0.6.22. The root cause is use of uninitialized memory in EXIF Makernote handling, which could cause crashes and potential use-after-free conditions. The connected advisories confirm this as a vulnerability in libexif with impacts including cr...

8.2CVSS8.5AI score0.01887EPSS
CVE
CVE
added 2018/10/31 9:0 p.m.291 views

CVE-2016-6328

CVE-2016-6328 affects the libexif library, where an integer overflow during parsing of the MNOTE entry data in input files can lead to Denial-of-Service and Information Disclosure (including sensitive heap data). Public remediation exists: Debian LTS fixed in libexif 0.6.21-2+deb8u2; Cloud Foundr...

8.1CVSS7.8AI score0.01525EPSS
CVE
CVE
added 2020/05/21 3:50 p.m.236 views

CVE-2020-13114

CVE-2020-13114 affects libexif up to version 0.6.21, where an unrestricted size in handling Canon EXIF MakerNote data can cause excessive compute time during EXIF decoding (DoS). Affected component: libexif (exif-data.c/maker-note handling). Impact described across multiple advisories: potential ...

7.5CVSS8.1AI score0.02301EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.231 views

CVE-2020-0198

The CVE-2020-0198 entry concerns the libexif library used on Android-10. The issue is in exif_data_load_data_content of exif-data.c, where an integer overflow can trigger a UBSAN abort, potentially enabling remote denial of service with no additional execution privileges. Exploitation requires us...

7.5CVSS7.6AI score0.04262EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.119 views

CVE-2020-0181

CVE-2020-0181 affects libexif: the DoS is due to an integer overflow in exif_data_load_data_thumbnail within exif-data.c. The Nessus/NVD data describe remote denial of service with network access and no user interaction. Multiple advisories (Unity Linux, MiracleLinux, SUSE, Red Hat) reference thi...

7.5CVSS7.6AI score0.02856EPSS