Page 8 of 256 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2020-13114 – libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time

https://notcve.org/view.php?id=CVE-2020-13114

An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. Se descubrió un problema en el libexif versiones anteriores a la versión 0.6.22. Un tamaño sin restricciones en el manejo de los datos de Canon EXIF MakerNote podría conllevar al consumo de grandes cantidades de tiempo de cálculo para la decodificación de datos EXIF. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13114 https://bugzilla.redhat.com/show_bug.cgi?id=1840350 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2020-0093 – libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c

https://notcve.org/view.php?id=CVE-2020-0093

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 En la función exif_data_save_data_entry del archivo exif-data.c, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales. Es requerida una interacción del usuario para su explotación. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html https://security.gentoo.org/glsa/202007-05 https://source.android.com/security/bulletin/2020-05-01 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-0093 https://bugzilla.redhat.com/show_bug.cgi?id=1852487 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-11866

https://notcve.org/view.php?id=CVE-2020-11866

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. libEMF (también se conoce como ECMA-234 Metafile Library) versiones hasta 1.0.11, permite un uso de la memoria previamente liberada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DFYDSKWFM2R5NKZOO2IN6X7SM3T2PWL https://sourceforge.net/p/libemf/code/commit_browser https://sourceforge.net/p/libemf/mailman/libemf-devel https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-11865

https://notcve.org/view.php?id=CVE-2020-11865

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. libEMF (también se conoce como ECMA-234 Metafile Library) versiones hasta 1.0.11, permite un acceso a la memoria fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DFYDSKWFM2R5NKZOO2IN6X7SM3T2PWL https://sourceforge.net/p/libemf/code/commit_browser https://sourceforge.net/p/libemf/mailman/libemf-devel https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-11864

https://notcve.org/view.php?id=CVE-2020-11864

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). libEMF (también se conoce como ECMA-234 Metafile Library) versiones hasta 1.0.11, permite una denegación de servicio (problema 2 de 2). • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DFYDSKWFM2R5NKZOO2IN6X7SM3T2PWL https://sourceforge.net/p/libemf/code/commit_browser https://sourceforge.net/p/libemf/mailman/libemf-devel https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012 •