Synopsis: Moderate: libexif security, bug fix, and enhancement update
Advisory ID: SLSA-2020:4040-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2020-12767
CVE-2020-13113
CVE-2020-0093
CVE-2020-0182
CVE-2020-13114
CVE-2019-9278
—
Security Fix(es):
* libexif: out of bound write in exif-data.c (CVE-2019-9278)
* libexif: out of bounds read due to a missing bounds check in
exif_data_save_data_entry function in exif-data.c (CVE-2020-0093)
* libexif: use of uninitialized memory in EXIF Makernote handling can lead
to crashes and use-after-free (CVE-2020-13113)
* libexif: unrestricted size in handling Canon EXIF MakerNote data can lead
to consumption of large amounts of compute time (CVE-2020-13114)
* libexif: out of bounds read due to a missing bounds check in
exif_entry_get_value function in exif-entry.c (CVE-2020-0182)
* libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c
(CVE-2020-12767)
—
SL7
x86_64
libexif-0.6.22-1.el7.i686.rpm
libexif-0.6.22-1.el7.x86_64.rpm
libexif-debuginfo-0.6.22-1.el7.i686.rpm
libexif-debuginfo-0.6.22-1.el7.x86_64.rpm
libexif-devel-0.6.22-1.el7.i686.rpm
libexif-devel-0.6.22-1.el7.x86_64.rpm
libexif-doc-0.6.22-1.el7.x86_64.rpm
– Scientific Linux Development Team
