Use of Uninitialized Memory in Libexif Affects Multiple Distributions
CVE-2020-13113

8.2HIGH

Key Information:

Vendor

Libexif Project

Status
Libexif
Vendor
CVE Published:
21 May 2020

What is CVE-2020-13113?

An issue in libexif prior to version 0.6.22 allows for the use of uninitialized memory during EXIF Makernote processing. This can result in application crashes, as well as potential use-after-free conditions, posing risks to system stability and security. Users of affected distributions are advised to upgrade to corrected versions to mitigate these risks.

References

https://github.com/libexif/libexif/commit/ec412aa4583ad71...
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/05/msg0...
mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.