Unrestricted Size Issue in libexif Affecting EXIF Data Handling
CVE-2020-13114

7.5HIGH

Key Information:

Vendor

Libexif Project

Status
Libexif
Vendor
CVE Published:
21 May 2020

What is CVE-2020-13114?

A vulnerability in libexif before version 0.6.22 arises from an unrestricted size issue in processing Canon EXIF MakerNote data. This flaw can lead to excessive consumption of computational resources when decoding EXIF data, potentially causing performance degradation or system unavailability.

References

https://github.com/libexif/libexif/commit/e6a38a1a23ba94d...
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/05/msg0...
mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.