Yunho Kim

**Name of the Vulnerable Software and Affected Versions** libexif versions prior to 0.6.21 libexif-devel versions prior to 0.6.21 libexif-0.6.21 (affected versions not specified for specific Linux distributions) **Description** The issue concerns multiple vulnerabilities in the libexif package, which can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be carried out remotely. The exif data load data function in exif-data.c in the EXIF Tag Parsing Library allows remote attackers to cause a denial of service or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. **Recommendations** For versions prior to 0.6.21, update to version 0.6.21 or later to resolve the issue. As a temporary workaround, consider disabling the `exif data load data` function until a patch is available. Restrict access to the vulnerable libexif module to minimize the risk of exploitation. Avoid using crafted EXIF tags in images until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** libexif versions prior to 0.6.21 libexif-0.6.21 libexif-devel versions prior to 0.6.21 libexif-devel-0.6.21 libexif-64bit versions prior to 0.6.21 libexif-32bit versions prior to 0.6.21 libexif-debuginfo-0.6.21 **Description** The issue concerns multiple vulnerabilities in the libexif package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the `mnote olympus entry get value` function in the EXIF Tag Parsing Library allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags. **Recommendations** For libexif versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-0.6.21, update to a version later than 0.6.21. For libexif-devel versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-devel-0.6.21, update to a version later than 0.6.21. For libexif-64bit versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-32bit versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-debuginfo-0.6.21, update to a version later than 0.6.21. As a temporary workaround, consider disabling the `mnote olympus entry get value` function until a patch is available.