MGASA-2018-0051

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0051.html

Import Source

https://advisories.mageia.org/MGASA-2018-0051.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0051

Related

CVE-2016-6328

Published

2018-01-03T15:50:51Z

Modified

2018-01-03T15:28:15Z

Summary

Updated libexif packages fix security vulnerability

Details

A vulnerability was found in libexif. The vulnerability is caused by an integer overflow. In some cases, the integer overflow can cause Heap Out-of-Bounds Read, i.e. Heap Buffer Overflow vulnerability. In some other cases, the integer overflow can cause use of uninitialized pointer variable, i.e. Use of Uninitialized Variable Vulnerability. The vulnerability happens when parsing MNOTE entry data of the input file. The vulnerability can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applicationsâ private data) (CVE-2016-6328).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / libexif

Package

Name: libexif
Purl: pkg:rpm/mageia/libexif?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.21-8.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / libexif

Package

Name: libexif
Purl: pkg:rpm/mageia/libexif?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.21-9.1.mga6

Ecosystem specific

{
    "section": "core"
}