Описание
A flaw was found in libexif. An integer underflow vulnerability in the size checking mechanism for Fuji and Olympus MakerNote decoding could allow attackers to exploit programs using libexif. This could lead to a Denial of Service (DoS) by crashing the program or result in information disclosure, potentially exposing sensitive data.
Отчет
Moderate impact. An integer underflow in libexif's Fuji and Olympus MakerNote decoding could allow an attacker to cause a denial of service or information disclosure. This vulnerability affects programs that process specially crafted image files utilizing libexif.
Меры по смягчению последствий
To mitigate this issue, users should avoid processing untrusted image files with applications that utilize libexif. Restricting the source of image files to trusted origins can reduce the risk of exploitation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libexif | Fix deferred | ||
| Red Hat Enterprise Linux 6 | libexif | Fix deferred | ||
| Red Hat Enterprise Linux 7 | libexif | Fix deferred | ||
| Red Hat Enterprise Linux 8 | libexif | Fix deferred | ||
| Red Hat Enterprise Linux 9 | libexif | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS3
Связанные уязвимости
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
In libexif through 0.6.25, an integer underflow in size checking for F ...
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
EPSS
4 Medium
CVSS3