PT-2020-1266 · Libexif+6 · Libexif+6

Published

2020-05-16

Updated

2024-06-15

CVE-2020-13112

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions libexif versions prior to 0.6.22

Description The issue is related to buffer over-reads in EXIF MakerNote handling, which could lead to information disclosure and crashes. It is also associated with an integer overflow in exif entry get value of exif-entry.c, potentially allowing for local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation.

Recommendations For libexif versions prior to 0.6.22, update to version 0.6.22 or later to resolve the issue. As a temporary workaround, consider restricting access to EXIF files to minimize the risk of exploitation. Avoid using the vulnerable libexif library until a patch is applied.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2020-2019

ALT-PU-2020-2723

ASB-A-194342672

BDU:2021-03723

CESA-2020_2549

CESA-2020_2550

CVE-2020-13112

DLA-2222-1

MGASA-2020-0238

OESA-2021-1352

OPENSUSE-SU-2020:0793-1

OPENSUSE-SU-2020_0793-1

OPENSUSE-SU-2024:10939-1

RHSA-2020:2474

RHSA-2020:2516

RHSA-2020:2549

RHSA-2020:2550

RHSA-2020:2672

RHSA-2020_2516

RHSA-2020_2549

RHSA-2020_2550

SUSE-SU-2020:1534-1

SUSE-SU-2020:1553-1

SUSE-SU-2020:1553-2

SUSE-SU-2020_1534-1

SUSE-SU-2020_1553-1

SUSE-SU-2020_1553-2

USN-4396-1

Affected Products

Alt Linux

Centos

Linuxmint

Red Hat

Suse

Ubuntu

Libexif

PT-2020-1266 · Libexif+6 · Libexif+6

CVE-2020-13112

Weakness Enumeration

Related Identifiers

Affected Products

References · 73