DLA-2222-1

Source
https://storage.googleapis.com/debian-osv/dla-osv/DLA-2222-1.json
Aliases
Published
2020-05-28T00:00:00Z
Modified
2022-08-05T05:18:46.766117Z
Details

Various minor vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files.

  • CVE-2018-20030 This issue had already been addressed via DLA-2214-1. However, upstream provided an updated patch, so this has been followed up on.
  • CVE-2020-13112 Several buffer over-reads in EXIF MakerNote handling could have led to information disclosure and crashes. This issue is different from the already resolved CVE-2020-0093.
  • CVE-2020-13113 Use of uninitialized memory in EXIF MakerNote handling could have led to crashes and potential use-after-free conditions.
  • CVE-2020-13114 An unrestricted size in handling Canon EXIF MakerNote data could have led to consumption of large amounts of compute time for decoding EXIF data.

For Debian 8 Jessie, these problems have been fixed in version 0.6.21-2+deb8u3.

We recommend that you upgrade your libexif packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

References

Affected packages

Debian:8 / libexif

libexif

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
0.6.21-2+deb8u3

Affected versions

0.*

0.6.21-2
0.6.21-2+deb8u1
0.6.21-2+deb8u2