Out-of-bounds Read in libexif

Do your applications use this vulnerable package? Test your applications

Overview

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.

References

CVE Details
Debian Security Tracker
MISC
MLIST
SUSE
UBUNTU
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

None
Availability

High

CVE: CVE-2017-7544
CWE: CWE-125
Snyk ID: SNYK-DEBIAN9-LIBEXIF-325968
Disclosed: 21 Sep, 2017
Published: 21 Sep, 2017

Out-of-bounds Read
Affecting libexif package, versions <0.6.21-2+deb9u2

Overview

References

CVSS Score

Out-of-bounds Read Affecting libexif package, versions <0.6.21-2+deb9u2

Overview

References

Out-of-bounds Read
Affecting libexif package, versions <0.6.21-2+deb9u2