Buffer Over-Read Vulnerability in libexif Affects Multiple Distributions
CVE-2020-13112

9.1CRITICAL

Key Information:

Vendor

Libexif Project

Status
Libexif
Vendor
CVE Published:
21 May 2020

What is CVE-2020-13112?

A vulnerability identified in libexif versions prior to 0.6.22 allows for several buffer over-reads in the handling of EXIF MakerNote data. This could potentially lead to the disclosure of sensitive information and crashes of the affected applications. Users are advised to update to the latest version to mitigate the risk associated with this issue.

References

https://github.com/libexif/libexif/commit/435e21f05001fb0...
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/05/msg0...
mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.