CVE-2017-7544

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
libexif_projectlibexif
𝑥
≤ 0.6.21
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libexif
bullseye
0.6.22-3
fixed
wheezy
no-dsa
sid
0.6.24-1
fixed
trixie
0.6.24-1
fixed
bookworm
0.6.24-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libexif
eoan
not-affected
disco
not-affected
cosmic
ignored
bionic
not-affected
artful
ignored
zesty
ignored
xenial
Fixed 0.6.21-2ubuntu0.1
released
trusty
Fixed 0.6.21-1ubuntu1+esm1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
https://sourceforge.net/p/libexif/bugs/130/
https://usn.ubuntu.com/4277-1/
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
https://sourceforge.net/p/libexif/bugs/130/
https://usn.ubuntu.com/4277-1/