libexif-0.6.22-1.el7

エラータID: AXSA:2020-584:04

Release date: 
Tuesday, October 6, 2020 - 08:56
Subject: 
libexif-0.6.22-1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The libexif packages provide a library for extracting extra information from image files.

The following packages have been upgraded to a later upstream version: libexif (0.6.22).

Security Fix(es):

* libexif: out of bound write in exif-data.c (CVE-2019-9278)

* libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c (CVE-2020-0093)

* libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free (CVE-2020-13113)

* libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time (CVE-2020-13114)

* libexif: out of bounds read due to a missing bounds check in exif_entry_get_value function in exif-entry.c (CVE-2020-0182)

* libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c (CVE-2020-12767)

CVE-2019-9278
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774
CVE-2020-0093
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132
CVE-2020-0182
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917
CVE-2020-12767
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
CVE-2020-13113
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.
CVE-2020-13114
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.

Solution: 

Update packages.

CVEs: 
CVE-2019-9278
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774
CVE-2020-0093
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132
CVE-2020-0182
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917
CVE-2020-12767
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
CVE-2020-13113
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.
CVE-2020-13114
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
Additional Info: 

N/A

Download: 

SRPMS
  1. libexif-0.6.22-1.el7.src.rpm
    MD5: b972ade14a518f8ec652e6e205917af7
    SHA-256: 2105244116a41ec25855702f040d08d4021694b17bc30cb387b5d2a21a62b948
    Size: 1.07 MB

Asianux Server 7 for x86_64
  1. libexif-0.6.22-1.el7.x86_64.rpm
    MD5: 06378c770ae066fa3bb5917b74fec2c8
    SHA-256: e1e1586f899e3384d518810edcb0f0adfacfac8a5e4ed96251f84c7608940b85
    Size: 421.99 kB
  2. libexif-0.6.22-1.el7.i686.rpm
    MD5: 816f0de14335877933516b0bbe77a423
    SHA-256: 494c4897ee477ad596553514f431eefa727c1989aad1152626ab4c32770b8d88
    Size: 418.21 kB