CVE-2017-7544

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exifdatasavedataentry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.

References

Affected packages

Git / github.com/libexif/exif

Affected ranges

Type: GIT
Repo: https://github.com/libexif/exif
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

faee2711aed6a1a2046d5f0fd89c1c894cd73400

Affected versions

Other

exif-0_6-release

exif-0_6_15-release

exif-0_6_17-release

exif-0_6_18-release

exif-0_6_19-release

exif-0_6_20-release

exif-0_6_21-release

exif-0_6_9-release

Git / github.com/libexif/libexif

Affected ranges

Type: GIT
Repo: https://github.com/libexif/libexif
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

9ab318d93b274df204c195c9a729f778401a8d8f

Affected versions

Other

libexif-0_5_7-rc2

libexif-0_5_7-rc3

libexif-0_5_7-rc4

libexif-0_5_7-release

libexif-0_5_9-release

libexif-0_6_12-release

libexif-0_6_14-release

libexif-0_6_15-release

libexif-0_6_16-release

libexif-0_6_17-release

libexif-0_6_18-release

libexif-0_6_19-release

libexif-0_6_20-release

libexif-0_6_21-release

libexif-before-0_6_0-api-change