Описание
A flaw was found in libexif. A local attacker on a 32-bit system could exploit an unsigned 32-bit integer overflow vulnerability in the Nikon MakerNote handling. This could lead to application crashes or the disclosure of sensitive information.
Отчет
This Moderate impact vulnerability in libexif affects 32-bit systems. A local attacker could trigger an integer overflow in the Nikon MakerNote handling, potentially leading to application crashes or information disclosure.
Меры по смягчению последствий
On 32-bit systems, avoid processing untrusted image files that contain Nikon MakerNotes. This operational control reduces the risk of exploitation by preventing vulnerable applications from parsing malicious EXIF data.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libexif | Fix deferred | ||
| Red Hat Enterprise Linux 6 | libexif | Fix deferred | ||
| Red Hat Enterprise Linux 7 | libexif | Fix deferred | ||
| Red Hat Enterprise Linux 8 | libexif | Fix deferred | ||
| Red Hat Enterprise Linux 9 | libexif | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS3
Связанные уязвимости
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon ...
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
EPSS
4 Medium
CVSS3