Veracode Vulnerability DatabaseVERACODE:7678Information Disclosure
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
libexif.so is vulnerable to information disclosure. A buffer overread and integer overflow occur when decoding pentax makernote entries of an input file, which discloses confidential information such as heap chunk metadata and applicationsβ private data. It may also result in a denial of service condition.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libexif.so | eq | 12.3.3 | |
| libexif:edge | eq | 0.6.21-r3 | |
| libexif.so | eq | 12.3.3 | |
| libexif:edge | eq | 0.6.21-r3 |
References
lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328
github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d
lists.debian.org/debian-lts-announce/2020/05/msg00016.html
security.gentoo.org/glsa/202007-05
usn.ubuntu.com/4277-1/
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P