[Pkg-phototools-devel] Bug#961409: libexif: CVE-2020-13113
Salvatore Bonaccorso
carnil at debian.org
Sun May 24 10:31:23 BST 2020
Source: libexif
Version: 0.6.21-8
Severity: important
Tags: security upstream
Control: found -1 0.6.21-7
Control: found -1 0.6.21-5.1+deb10u1
Control: found -1 0.6.21-5.1
Control: found -1 0.6.21-2+deb9u1
Control: found -1 0.6.21-2
Hi,
The following vulnerability was published for libexif.
CVE-2020-13113[0]:
| An issue was discovered in libexif before 0.6.22. Use of uninitialized
| memory in EXIF Makernote handling could lead to crashes and potential
| use-after-free conditions.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-13113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
[1] https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f
Regards,
Salvatore
More information about the Pkg-phototools-devel
mailing list