Univention Bugzilla – Bug 52075
(ES 4.3) libexif
Last modified: 2020-11-30 12:19:14 CET
Provide libexif version 0.6.21-2+deb9u4 for UCS 4.3

First imported at bug #51714

This update addresses the following issues:
* Integer overflow in parsing MNOTE entry data of the input file (CVE-2016-6328)
* Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)
* Input validation issue resulting in a denial of service (CVE-2018-20030)
* Out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c (CVE-2020-0093)
* Out of bounds read due to a missing bounds check in exif_entry_get_value function in exif-entry.c (CVE-2020-0182)
* Integer overflow in exif_data_load_data_content function in exif-data.c (CVE-2020-0198)
* Divide-by-zero in exif_entry_get_value function in exif-entry.c (CVE-2020-12767)
* Several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS (CVE-2020-13112)
* Use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free (CVE-2020-13113)
* Unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time for decoding EXIF data (CVE-2020-13114)

-> apt-cache policy libexif12
libexif12:
  Installiert: 0.6.21-2+deb9u4
  Installationskandidat: 0.6.21-2+deb9u4
  Versionstabelle:
 *** 0.6.21-2+deb9u4 500
        500 http://192.168.0.10/build2 ucs_4.3-0-extsec4.3/amd64/ Packages

CLOSED: Released as extsec4.3 update