Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS: Security Advisory for libexif (DLA-2214-1)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'libexif' package(s) announced via the DLA-2214-1 advisory.
Insight
Insight
Various vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files. CVE-2016-6328 An integer overflow when parsing the MNOTE entry data of the input file had been found. This could have caused Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data). CVE-2017-7544 libexif had been vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which could have caused denial-of-service or possibly information disclosure. CVE-2018-20030 An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version could have been exploited to exhaust available CPU resources. CVE-2020-0093 In exif_data_save_data_entry of exif-data.c, there was a possible out of bounds read due to a missing bounds check. This could have lead to local information disclosure with no additional execution privileges needed. User interaction was needed for exploitation. CVE-2020-12767 libexif had a divide-by-zero error in exif_entry_get_value in exif-entry.c
Affected Software
Affected Software
'libexif' package(s) on Debian Linux.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
For Debian 8 'Jessie', these problems have been fixed in version 0.6.21-2+deb8u2. We recommend that you upgrade your libexif packages.