PT-2020-1267 · Libexif+6 · Libexif+6

Published

2020-05-16

Updated

2024-06-15

CVE-2020-13113

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions libexif versions prior to 0.6.22

Description The issue is related to the use of uninitialized memory in EXIF Makernote handling, which could lead to crashes and potential use-after-free conditions. This could allow a remote attacker to access confidential data and cause a denial of service.

Recommendations For versions prior to 0.6.22, update to version 0.6.22 or later to resolve the issue. As a temporary workaround, consider restricting the use of EXIF Makernote handling until a patch is available.

Fix

Use of Uninitialized Resource

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-416

Related Identifiers

ALT-PU-2020-2019

ALT-PU-2020-2723

ASB-A-196085005

BDU:2021-03724

CESA-2020_4040

CESA-2020_4766

CVE-2020-13113

DLA-2222-1

MGASA-2020-0238

OESA-2021-1286

OPENSUSE-SU-2020:0793-1

OPENSUSE-SU-2020_0793-1

OPENSUSE-SU-2024:10939-1

RHSA-2020:4040

RHSA-2020:4766

RHSA-2020_4040

RHSA-2020_4766

SUSE-SU-2020:1534-1

SUSE-SU-2020:1553-1

SUSE-SU-2020:1553-2

SUSE-SU-2020_1534-1

SUSE-SU-2020_1553-1

SUSE-SU-2020_1553-2

USN-4396-1

Affected Products

Alt Linux

Centos

Linuxmint

Red Hat

Suse

Ubuntu

Libexif

PT-2020-1267 · Libexif+6 · Libexif+6

CVE-2020-13113

Weakness Enumeration

Related Identifiers

Affected Products

References · 73