Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libexif
(Libexif_project)| Repositories | https://github.com/libexif/libexif |
| #Vulnerabilities | 19 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-11 | CVE-2020-0198 | In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 | Ubuntu_linux, Debian_linux, Fedora, Android, Libexif | 7.5 | ||
| 2018-10-31 | CVE-2016-6328 | A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data). | Ubuntu_linux, Debian_linux, Libexif | 8.1 | ||
| 2020-05-09 | CVE-2020-12767 | exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. | Ubuntu_linux, Debian_linux, Libexif, Leap | 5.5 | ||
| 2020-05-21 | CVE-2020-13112 | An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. | Ubuntu_linux, Debian_linux, Libexif, Leap | 9.1 | ||
| 2020-05-14 | CVE-2020-0093 | In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 | Ubuntu_linux, Debian_linux, Android, Libexif, Leap | 5.0 | ||
| 2020-05-21 | CVE-2020-13114 | An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. | Ubuntu_linux, Libexif, Leap | 7.5 | ||
| 2020-05-21 | CVE-2020-13113 | An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. | Ubuntu_linux, Debian_linux, Libexif, Leap | 8.2 | ||
| 2007-12-20 | CVE-2007-6351 | libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c. | Libexif | N/A | ||
| 2019-02-20 | CVE-2018-20030 | An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. | Libexif | 7.5 | ||
| 2017-09-21 | CVE-2017-7544 | libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure. | Libexif | 9.1 |