Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-13112

Опубликовано: 16 мая 2020
Источник: redhat
CVSS3: 9.1
EPSS Низкий

Описание

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.

A heap-buffer out-of-bounds read flaw was found in libexif's MakerNote tag parser. This flaw allows an unauthenticated attacker or authenticated attacker with low privileges to exploit the flaw remotely in an application that uses libexif to process EXIF data from media files if the file upload is allowed. An attacker could create a specially crafted image file that, when processed by libexif, would cause the application to crash or, potentially expose data from the application's memory. This attack leads to a denial of service or a memory information leak that could assist in further exploitation.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5libexifOut of support scope
Red Hat Enterprise Linux 6libexifFixedRHSA-2020:251610.06.2020
Red Hat Enterprise Linux 7libexifFixedRHSA-2020:254915.06.2020
Red Hat Enterprise Linux 8libexifFixedRHSA-2020:255015.06.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP SolutionslibexifFixedRHSA-2020:247410.06.2020
Red Hat Enterprise Linux 8.1 Extended Update SupportlibexifFixedRHSA-2020:267223.06.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122
Дефект:
CWE-190->CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1840344libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS

EPSS

Процентиль: 76%
0.00978
Низкий

9.1 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-13112

CVSS3: 9.1
ubuntu
больше 5 лет назад

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.

nvd логотип

CVE-2020-13112

CVSS3: 9.1
nvd
больше 5 лет назад

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.

debian логотип

CVE-2020-13112

CVSS3: 9.1
debian
больше 5 лет назад

An issue was discovered in libexif before 0.6.22. Several buffer over- ...

github логотип

GHSA-4pxw-3px9-5fg9

CVSS3: 9.1
github
больше 3 лет назад

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.

oracle-oval логотип

ELSA-2020-2550

oracle-oval
больше 5 лет назад

ELSA-2020-2550: libexif security update (MODERATE)

EPSS

Процентиль: 76%
0.00978
Низкий

9.1 Critical

CVSS3