libexif.so is vulnerable to information disclosure. A buffer overread and an integer overflow occur when decoding Pentax MakerNote entries of an input file, which discloses confidential information such as heap chunk metadata and applications’ private data. It may also result in a denial of service condition.
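The bug class described above, shown as a wrapping bounds check beside an overflow-safe one. This is an added example, not libexif's code or the upstream patch; the `struct entry` layout and all function names are hypothetical, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical entry header (assumption, not libexif's layout). */
struct entry { uint32_t offset, count, elem_size; };

/* Flawed pattern: both the product and the sum can wrap in 32 bits,
 * so an oversized entry can pass the comparison. */
static int range_ok_wrapping(const struct entry *e, uint32_t buf_size)
{
    uint32_t len = e->count * e->elem_size;
    return e->offset + len <= buf_size;
}

/* Hardened pattern: compare against the space left, using division
 * so that no intermediate value can overflow. */
static int range_ok_checked(const struct entry *e, size_t buf_size)
{
    if (e->elem_size == 0 || e->offset > buf_size)
        return 0;
    return e->count <= (buf_size - e->offset) / e->elem_size;
}

/* Copy an entry's payload only after validation.
 * Returns the number of bytes copied, or -1 if the entry is rejected. */
static long copy_entry(const uint8_t *buf, size_t buf_size,
                       const struct entry *e, uint8_t *out, size_t out_size)
{
    if (!range_ok_checked(e, buf_size))
        return -1;
    size_t len = (size_t)e->count * e->elem_size; /* <= buf_size here */
    if (len > out_size)
        return -1;
    memcpy(out, buf + e->offset, len);
    return (long)len;
}

int main(void)
{
    /* Constructed sample: count * elem_size wraps to 4 in 32 bits. */
    struct entry bad = { 8u, 0x40000001u, 4u };
    struct entry good = { 8u, 4u, 2u };
    uint8_t buf[64] = { 0 }, out[16];
    printf("wrapping check accepts bad entry: %d\n", range_ok_wrapping(&bad, 64));
    printf("checked copy of bad entry: %ld\n", copy_entry(buf, 64, &bad, out, sizeof out));
    printf("checked copy of good entry: %ld\n", copy_entry(buf, 64, &good, out, sizeof out));
    return 0;
}
```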
CPE

Name | Operator | Version
---|---|---
libexif.so | eq | 12.3.3
libexif:edge | eq | 0.6.21-r3

lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328
github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d
lists.debian.org/debian-lts-announce/2020/05/msg00016.html
security.gentoo.org/glsa/202007-05
usn.ubuntu.com/4277-1/