SUSE-SU-2022:1168-1

Published: 12 Apr 2022
Source: suse-cvrf

Description

Security update for libexif

This update for libexif fixes the following issues:

  • CVE-2020-0181: Fixed an integer overflow that could lead to denial of service (bsc#1172802).
  • CVE-2020-0198: Fixed an unsigned integer overflow that could lead to denial of service (bsc#1172768).
  • CVE-2020-0452: Fixed a buffer overflow check that could be optimized away by the compiler (bsc#1178479).

Package list

HPE Helion OpenStack 8
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1
SUSE Linux Enterprise Server 12 SP2-BCL
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1
SUSE Linux Enterprise Server 12 SP3-BCL
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1
SUSE Linux Enterprise Server 12 SP3-LTSS
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1
SUSE Linux Enterprise Server 12 SP5
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libexif-devel-0.6.22-8.13.1
SUSE OpenStack Cloud 8
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1
SUSE OpenStack Cloud 9
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1
SUSE OpenStack Cloud Crowbar 8
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1
SUSE OpenStack Cloud Crowbar 9
libexif12-0.6.22-8.13.1
libexif12-32bit-0.6.22-8.13.1

Description

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-145075076


Affected products
HPE Helion OpenStack 8:libexif12-0.6.22-8.13.1
HPE Helion OpenStack 8:libexif12-32bit-0.6.22-8.13.1
SUSE Linux Enterprise Server 12 SP2-BCL:libexif12-0.6.22-8.13.1
SUSE Linux Enterprise Server 12 SP2-BCL:libexif12-32bit-0.6.22-8.13.1

References

Description

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-146428941


Affected products
HPE Helion OpenStack 8:libexif12-0.6.22-8.13.1
HPE Helion OpenStack 8:libexif12-32bit-0.6.22-8.13.1
SUSE Linux Enterprise Server 12 SP2-BCL:libexif12-0.6.22-8.13.1
SUSE Linux Enterprise Server 12 SP2-BCL:libexif12-32bit-0.6.22-8.13.1

References

Description

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-159625731


Affected products
HPE Helion OpenStack 8:libexif12-0.6.22-8.13.1
HPE Helion OpenStack 8:libexif12-32bit-0.6.22-8.13.1
SUSE Linux Enterprise Server 12 SP2-BCL:libexif12-0.6.22-8.13.1
SUSE Linux Enterprise Server 12 SP2-BCL:libexif12-32bit-0.6.22-8.13.1

References
Vulnerability SUSE-SU-2022:1168-1