PT-2020-6254 · Libexif+6 · Libexif+6

Published

2020-05-16

Updated

2024-06-15

CVE-2020-13114

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libexif versions prior to 0.6.22

Description The issue is related to an unrestricted size in handling Canon EXIF MakerNote data, which could lead to consumption of large amounts of compute time for decoding EXIF data. This could allow a remote attacker to cause a denial of service.

Recommendations For versions prior to 0.6.22, update to version 0.6.22 or later to resolve the issue. As a temporary workaround, consider restricting the handling of Canon EXIF MakerNote data to minimize the risk of exploitation.

Fix

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400

Related Identifiers

ALT-PU-2020-2019

ALT-PU-2020-2723

BDU:2021-03725

CESA-2020_4040

CESA-2020_4766

CVE-2020-13114

DLA-2222-1

MGASA-2020-0238

OESA-2021-1286

OPENSUSE-SU-2020:0793-1

OPENSUSE-SU-2020_0793-1

OPENSUSE-SU-2024:10939-1

RHSA-2020:4040

RHSA-2020:4766

RHSA-2020_4040

RHSA-2020_4766

SUSE-SU-2020:1534-1

SUSE-SU-2020:1553-1

SUSE-SU-2020:1553-2

SUSE-SU-2020_1534-1

SUSE-SU-2020_1553-1

SUSE-SU-2020_1553-2

USN-4396-1

Affected Products

Alt Linux

Centos

Linuxmint

Red Hat

Suse

Ubuntu

Libexif

PT-2020-6254 · Libexif+6 · Libexif+6

CVE-2020-13114

Weakness Enumeration

Related Identifiers

Affected Products

References · 72