CVE-2020-13114 - log

CVE-2020-13114 edited at 21 May 2020 02:32:21
Description
- FIX: A malicious file could be crafted to cause extremely large values in some tags without tripping any buffer range checks. This is bad with the libexif representation of Canon MakerNotes because some arrays are turned into individual tags that the application must loop around.
+ An issue has been found in libexif before 0.6.22 where a malicious file could be crafted to cause extremely large values in some tags without any buffer range checks, which results in a time-consumption denial of service when parsing Canon array markers.
CVE-2020-13114 edited at 20 May 2020 22:09:32
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ FIX: A malicious file could be crafted to cause extremely large values in some tags without tripping any buffer range checks. This is bad with the libexif representation of Canon MakerNotes because some arrays are turned into individual tags that the application must loop around.
References
+ https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab
Notes
CVE-2020-13114 created at 19 May 2020 16:12:27