AVG-1166 log

Package libexif
Status Testing
Severity High
Type multiple issues
Affected 0.6.21-1
Fixed 0.6.22-1
Current 0.6.22-1 [testing]
0.6.21-4 [extra]
Ticket None
Created Tue May 19 16:12:27 2020
Issue Severity Remote Type Description
CVE-2020-13114 Low No Denial of service
An issue has been found in libexif before 0.6.22 where a malicious file could be crafted to cause extremely large values in some tags without any buffer...
CVE-2020-13113 Low No Denial of service
An issue has been found in libexif before 0.6.22 where data pointers were not properly initialized with NULL which could allow for uninitialized pointers to...
CVE-2020-13112 Low No Denial of service
Check for a size overflow while reading tags, which ensures that the size is always consistent for the given components and type of the entry, making...
CVE-2020-12767 Low No Denial of service
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide- by-zero error.
CVE-2020-0093 Medium No Information disclosure
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information...
CVE-2019-9278 Medium Yes Arbitrary code execution
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content...
CVE-2018-20030 Low No Denial of service
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
CVE-2017-7544 High No Information disclosure
libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif- data.c caused by...
CVE-2016-6328 Medium No Information disclosure
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of- Service (DoS) and...