PT-2017-1002 · None+3 · Libexif+3

Liu Bingchang

Publicado

2017-08-23

Atualizado

2024-06-15

CVE-2016-6328

CVSS v3.1

6.1

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions libexif (affected versions not specified)

Description The issue is related to an integer overflow when parsing the MNOTE entry data of the input file, which can cause Denial-of-Service (DoS) and Information Disclosure. This may allow a remote attacker to access confidential information or cause a service disruption. Additionally, there is a possible out of bounds write due to a missing bounds check in the mnote pentax entry get value function, which could lead to remote code execution without requiring additional execution privileges. User interaction is not needed for exploitation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2020-2019

ALT-PU-2020-2723

ASB-A-162602132

BDU:2021-03764

CVE-2016-6328

DLA-2214-1

MGASA-2018-0051

OPENSUSE-SU-2020:0793-1

OPENSUSE-SU-2020_0793-1

OPENSUSE-SU-2024:10939-1

SUSE-SU-2018:0193-1

SUSE-SU-2018_0193-1

SUSE-SU-2020:1534-1

SUSE-SU-2020:1553-1

SUSE-SU-2020:1553-2

SUSE-SU-2020_1534-1

SUSE-SU-2020_1553-1

SUSE-SU-2020_1553-2

USN-4277-1

Produtos afetados

Alt Linux

Suse

Ubuntu

Libexif

PT-2017-1002 · None+3 · Libexif+3

CVE-2016-6328

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 106