{"id":"MGASA-2020-0238","summary":"Updated libexif packages fix security vulnerability","details":"The updated packages fix a security vulnerability:\n\nIn exif_data_save_data_entry of exif-data.c, there is a possible out of\nbounds read due to a missing bounds check. This could lead to local\ninformation disclosure with no additional execution privileges needed.\nUser interaction is needed for exploitation. (CVE-2020-0093)\n\nexif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero\nerror (CVE-2020-12767).\n\nAn issue was discovered in libexif before 0.6.22. Several buffer over-reads in\nEXIF MakerNote handling could lead to information disclosure and crashes\n(CVE-2020-13112).\n\nAn issue was discovered in libexif before 0.6.22. Use of uninitialized memory\nin EXIF Makernote handling could lead to crashes and potential use-after-free\nconditions (CVE-2020-13113).\n\nAn issue was discovered in libexif before 0.6.22. An unrestricted size in\nhandling Canon EXIF MakerNote data could lead to consumption of large amounts\nof compute time for decoding EXIF data (CVE-2020-13114).\n\nThe libexif package has been updated to version 0.6.22, fixing these issues\nand other bugs.\n\nAlso, the exif package has been updated to version 0.6.22.  See the upstream\nNEWS files for details.\n","modified":"2026-02-04T03:08:29.262948Z","published":"2020-05-27T19:06:44Z","related":["CVE-2020-0093","CVE-2020-13112","CVE-2020-13113","CVE-2020-13114"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0238.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26650"},{"type":"REPORT","url":"https://www.debian.org/lts/security/2020/dla-2214"},{"type":"REPORT","url":"https://github.com/libexif/libexif/blob/libexif-0_6_22-release/NEWS"},{"type":"REPORT","url":"https://github.com/libexif/exif/blob/exif-0_6_22-release/NEWS"}],"affected":[{"package":{"name":"libexif","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/libexif?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.22-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0238.json"}},{"package":{"name":"exif","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/exif?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.22-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0238.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}