PT-2017-1002 · None+3 · Libexif+3

Liu Bingchang

Published

2017-08-23

Updated

2024-06-15

CVE-2016-6328

CVSS v3.1

6.1

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions libexif (affected versions not specified)

Description The issue is related to an integer overflow when parsing the MNOTE entry data of the input file, which can cause Denial-of-Service (DoS) and Information Disclosure. This may allow a remote attacker to access confidential information or cause a service disruption. Additionally, there is a possible out of bounds write due to a missing bounds check in the mnote pentax entry get value function, which could lead to remote code execution without requiring additional execution privileges. User interaction is not needed for exploitation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2020-2019

ALT-PU-2020-2723

ASB-A-162602132

BDU:2021-03764

CVE-2016-6328

DLA-2214-1

MGASA-2018-0051

OPENSUSE-SU-2020:0793-1

OPENSUSE-SU-2020_0793-1

OPENSUSE-SU-2024:10939-1

SUSE-SU-2018:0193-1

SUSE-SU-2018_0193-1

SUSE-SU-2020:1534-1

SUSE-SU-2020:1553-1

SUSE-SU-2020:1553-2

SUSE-SU-2020_1534-1

SUSE-SU-2020_1553-1

SUSE-SU-2020_1553-2

USN-4277-1

Affected Products

Alt Linux

Suse

Ubuntu

Libexif

PT-2017-1002 · None+3 · Libexif+3

CVE-2016-6328

Weakness Enumeration

Related Identifiers

Affected Products

References · 106