libexif is vulnerable to an out-of-bounds write. The bounds check on the data size did not guard against integer overflow, so a write could land outside the data boundary.
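
The class of bug described above, as an added example that is not libexif's code: a size check whose `offset + len` sum wraps around, beside an overflow-safe form of the same check. The function names, the 32-bit field widths and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Weak form: the sum is reduced modulo 2^32, so a huge len can wrap
 * to a small value and pass the comparison. */
static int in_bounds_wrapping(uint32_t offset, uint32_t len, uint32_t buf_size)
{
    return (uint32_t)(offset + len) <= buf_size;
}

/* Hardened form: no addition at all. First confirm the offset is inside
 * the buffer, then compare len against the space that remains. */
static int in_bounds_checked(uint32_t offset, uint32_t len, uint32_t buf_size)
{
    return offset <= buf_size && len <= buf_size - offset;
}

/* Write guarded by the hardened check.
 * Returns 0 on success, -1 when the request is rejected. */
static int store_entry(uint8_t *buf, uint32_t buf_size, uint32_t offset,
                       const uint8_t *src, uint32_t len)
{
    if (!in_bounds_checked(offset, len, buf_size))
        return -1;
    memcpy(buf + offset, src, len);
    return 0;
}

int main(void)
{
    /* Constructed sample values: 64-byte buffer, attacker-controlled len. */
    uint8_t buf[64] = {0};
    const uint8_t payload[4] = {0xde, 0xad, 0xbe, 0xef};
    uint32_t offset = 16, huge = 0xFFFFFFF8u;

    printf("wrapping check accepts huge len: %d\n",
           in_bounds_wrapping(offset, huge, sizeof buf));
    printf("hardened check accepts huge len: %d\n",
           in_bounds_checked(offset, huge, sizeof buf));
    printf("store 4 bytes at 16: %d\n",
           store_entry(buf, sizeof buf, offset, payload, sizeof payload));
    printf("store huge len at 16: %d\n",
           store_entry(buf, sizeof buf, offset, payload, huge));
    return 0;
}
```

The same pattern applies to any parser that takes offsets and lengths from file data: compare the length against the remaining space rather than adding two untrusted values first.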
lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html
lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
www.openwall.com/lists/oss-security/2019/10/25/17
www.openwall.com/lists/oss-security/2019/10/27/1
www.openwall.com/lists/oss-security/2019/11/07/1
bugzilla.redhat.com/show_bug.cgi?id=1789031
github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566
github.com/libexif/libexif/issues/26
lists.debian.org/debian-lts-announce/2020/02/msg00007.html
lists.fedoraproject.org/archives/list/[email protected]/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/
lists.fedoraproject.org/archives/list/[email protected]/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/
seclists.org/bugtraq/2020/Feb/9
security.gentoo.org/glsa/202007-05
source.android.com/security/bulletin/android-10
usn.ubuntu.com/4277-1/
www.debian.org/security/2020/dsa-4618