user/libexif: multiple vulnerabilities
| Bugzilla ID | 143 |
| Alias(es) | CVE-2017-7544, CVE-2018-20030 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:04:33 -0500 |
| Modified | 2019-08-04 19:26:06 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
Description
CVE-2017-7544: https://nvd.nist.gov/vuln/detail/CVE-2017-7544
libexif through 0.6.21 is vulnerable to out-of-bounds heap read
vulnerability in exif_data_save_data_entry function in libexif/exif-
data.c caused by improper length computation of the allocated data of
an ExifMnote entry which can cause denial-of-service or possibly
information disclosure.
CVE-2018-20030: https://nvd.nist.gov/vuln/detail/CVE-2018-20030
An error when processing the EXIF_IFD_INTEROPERABILITY and
EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to
exhaust available CPU resources.