Описание
Security update for libexif
This update for libexif fixes several issues.
These security issues were fixed:
- CVE-2016-6328: Fixed integer overflow in parsing MNOTE entry data of the input file (bsc#1055857)
- CVE-2017-7544: Fixed out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure (bsc#1059893)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.2
libexif-0.6.21-15.1
libexif-devel-0.6.21-15.1
libexif12-0.6.21-15.1
libexif12-32bit-0.6.21-15.1
openSUSE Leap 42.3
libexif-0.6.21-15.1
libexif-devel-0.6.21-15.1
libexif12-0.6.21-15.1
libexif12-32bit-0.6.21-15.1
Ссылки
- E-Mail link for openSUSE-SU-2018:0211-1
- SUSE Security Ratings
Описание
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
Затронутые продукты
openSUSE Leap 42.2:libexif-0.6.21-15.1
openSUSE Leap 42.2:libexif-devel-0.6.21-15.1
openSUSE Leap 42.2:libexif12-0.6.21-15.1
openSUSE Leap 42.2:libexif12-32bit-0.6.21-15.1
Ссылки
- CVE-2016-6328
- SUSE Bug 1055857
Описание
libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.
Затронутые продукты
openSUSE Leap 42.2:libexif-0.6.21-15.1
openSUSE Leap 42.2:libexif-devel-0.6.21-15.1
openSUSE Leap 42.2:libexif12-0.6.21-15.1
openSUSE Leap 42.2:libexif12-32bit-0.6.21-15.1
Ссылки
- CVE-2017-7544
- SUSE Bug 1059893