CVSS: 8.2EPSS: 10%CPEs: 4EXPL: 1CVE-2020-0181 – libexif: integer overflow in exif_data_load_data_thumbnail function in exif-data.c
https://notcve.org/view.php?id=CVE-2020-0181
11 Jun 2020 — In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076 En la función la función exif_data_load_data_thumbnail del archivo exif-data.c, se presenta una posible denegación de servicio debido a un desbordamiento de enteros. Esto podría conllevar a una den... • https://github.com/Trinadh465/external_libexif_AOSP10_r33_CVE-2020-0181 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 10%CPEs: 11EXPL: 1CVE-2020-0198 – libexif: integer overflow in exif_data_load_data_content function in exif-data.c
https://notcve.org/view.php?id=CVE-2020-0198
11 Jun 2020 — In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 En la función exif_data_load_data_content del archivo exif-data.c, se presenta un posible aborto de UBSAN debido a un desbordamiento de enteros. Esto podría conllevar a una denegación de servicio remota sin se... • https://github.com/Trinadh465/external_libexif_AOSP10_r33_CVE-2020-0198 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-13113 – libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free
https://notcve.org/view.php?id=CVE-2020-13113
21 May 2020 — An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Un uso de la memoria no inicializada en el manejo de EXIF Makemote podría conllevar a bloqueos y condiciones potenciales de uso de la memoria previamente liberada. It was discovered that libexif incorrectly handled certain inputs. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html • CWE-822: Untrusted Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2020-13112 – libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS
https://notcve.org/view.php?id=CVE-2020-13112
21 May 2020 — An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Varias lecturas excesivas de buffer en el manejo de EXIF MakerNote podrían conllevar a una divulgación de información y a bloqueos. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13114 – libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time
https://notcve.org/view.php?id=CVE-2020-13114
21 May 2020 — An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. Se descubrió un problema en el libexif versiones anteriores a la versión 0.6.22. Un tamaño sin restricciones en el manejo de los datos de Canon EXIF MakerNote podría conllevar al consumo de grandes cantidades de tiempo de cálculo para la decodificación de datos EXIF. It was discovered that libexif incorrectly handled c... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-0093 – libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c
https://notcve.org/view.php?id=CVE-2020-0093
14 May 2020 — In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 En la función exif_data_save_data_entry del archivo exif-data.c, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. Es... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 1%CPEs: 7EXPL: 1CVE-2016-6328 – Gentoo Linux Security Advisory 202007-05
https://notcve.org/view.php?id=CVE-2016-6328
31 Oct 2018 — A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data). Se ha encontrado una vulnerabilidad en libexif. Hay un desbordamiento de enteros al analizar los datos de la entrada MNOTE del archivo de entradas. • https://github.com/Pazhanivelmani/libexif_Android10_r33_CVE-2016-6328 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7544 – Ubuntu Security Notice USN-4277-1
https://notcve.org/view.php?id=CVE-2017-7544
21 Sep 2017 — libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure. libexif hasta la versión 0.6.21 es vulnerable a una lectura de la memoria dinámica (heap) fuera de límites en la función exif_data_save_data_entry en libexif/exif-data.c. Esto se debe al cálculo incorrecto de la longitud ... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2812 – libexif: "exif_entry_get_value()" heap-based out-of-bounds array read
https://notcve.org/view.php?id=CVE-2012-2812
13 Jul 2012 — The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. La función exif_entry_get_value Exif-entry.c en la biblioteca de análisis de etiquetas EXIF (también conocido como libexif) antes de v0.6.21 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) ... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2813 – libexif: "exif_convert_utf16_to_utf8()" heap-based out-of-bounds array read
https://notcve.org/view.php?id=CVE-2012-2813
13 Jul 2012 — The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. La función exif_convert_utf16_to_utf8 en exif-entry.c en la biblioteca de análisis de etiquetas EXIF (también conocida como libexif) antes de v0.6.21 permite a atacantes remotos provocar una denegación de servicio (lectura fue... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •