Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2020:5393

Опубликовано: 14 дек. 2020
Источник: rocky
Оценка: Important

Описание

Important: libexif security update

The libexif packages provide a library for extracting extra information from image files.

Security Fix(es):

  • libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
libexifx86_645.el8_3libexif-0.6.22-5.el8_3.x86_64.rpm

Показывать по

Связанные CVE

CVE-2020-0452

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2020-0452

CVSS3: 9.8
ubuntu
больше 4 лет назад

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731

redhat логотип

CVE-2020-0452

CVSS3: 9.8
redhat
больше 4 лет назад

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731

nvd логотип

CVE-2020-0452

CVSS3: 9.8
nvd
больше 4 лет назад

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731

debian логотип

CVE-2020-0452

CVSS3: 9.8
debian
больше 4 лет назад

In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...

github логотип

GHSA-xrf9-3q75-637f

CVSS3: 9.8
github
около 3 лет назад

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731