Red Hat Security Advisory: libexif security, bug fix, and enhancement update
🔗 CVE IDs covered (8)
📋 Description
CVE-2019-9278 — libexif: out of bounds write in exif-data.c CVE-2020-0093 — libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c CVE-2020-0181 — libexif: integer overflow in exif_data_load_data_thumbnail function in exif-data.c CVE-2020-0182 — libexif: out of bounds read due to a missing bounds check in exif_entry_get_value function in exif-entry.c CVE-2020-0198 — libexif: integer overflow in exif_data_load_data_content function in exif-data.c CVE-2020-12767 — libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c CVE-2020-13113 — libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free CVE-2020-13114 — libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2020:4766
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1789031
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1834950
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1840347
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1840350
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1841320
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847131
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1852487
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1852490
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4766.json