PT-2020-6250 · Libexif+6 · Libexif+6

Orangesnn

Published

2020-02-17

Updated

2024-06-15

CVE-2020-12767

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libexif version 0.6.21

Description The issue is related to a lack of division by zero checking in the libexif library, which is used for parsing EXIF files. This can lead to a denial of service when exploited. The exif entry get value function in exif-entry.c is specifically affected by a divide-by-zero error.

Recommendations For libexif version 0.6.21, consider applying a patch or fix that addresses the division by zero error in the exif entry get value function. As a temporary workaround, consider restricting the use of the exif entry get value function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Divide By Zero

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-369

Related Identifiers

ALT-PU-2020-2019

ALT-PU-2020-2723

BDU:2021-03719

CESA-2020_4040

CESA-2020_4766

CVE-2020-12767

DLA-2214-1

OPENSUSE-SU-2020:0793-1

OPENSUSE-SU-2020_0793-1

OPENSUSE-SU-2024:10939-1

RHSA-2020:4040

RHSA-2020:4766

RHSA-2020_4040

RHSA-2020_4766

SUSE-SU-2020:1534-1

SUSE-SU-2020:1553-1

SUSE-SU-2020:1553-2

SUSE-SU-2020_1534-1

SUSE-SU-2020_1553-1

SUSE-SU-2020_1553-2

USN-4358-1

Affected Products

Alt Linux

Centos

Linuxmint

Red Hat

Suse

Ubuntu

Libexif

PT-2020-6250 · Libexif+6 · Libexif+6

CVE-2020-12767

Weakness Enumeration

Related Identifiers

Affected Products

References · 59