CVE-2017-7544

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
libexif_projectlibexif
𝑥
≤ 0.6.21
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libexif
bookworm
0.6.24-1
fixed
bullseye
0.6.22-3
fixed
sid
0.6.24-1
fixed
trixie
0.6.24-1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libexif
artful
ignored
bionic
not-affected
cosmic
ignored
disco
not-affected
eoan
not-affected
trusty
Fixed 0.6.21-1ubuntu1+esm1
released
xenial
Fixed 0.6.21-2ubuntu0.1
released
zesty
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libexif-devel
suse enterprise desktop 15
0.6.21-3.16
fixed
suse enterprise desktop 15 SP1
0.6.22-5.6.1
fixed
suse enterprise desktop 15 SP2
0.6.22-5.6.1
fixed
suse enterprise desktop 15 SP3
0.6.22-5.6.1
fixed
suse enterprise desktop 15 SP4
0.6.22-5.6.1
fixed
suse enterprise desktop 15 SP5
0.6.22-5.6.1
fixed
suse enterprise desktop 15 SP6
0.6.22-5.6.1
fixed
suse enterprise desktop 15 SP7
0.6.22-5.6.1
fixed
suse enterprise sap 15
0.6.21-3.16
fixed
suse enterprise sap 15 SP1
0.6.22-5.6.1
fixed
suse enterprise sap 15 SP2
0.6.22-5.6.1
fixed
suse enterprise sap 15 SP3
0.6.22-5.6.1
fixed
suse enterprise sap 15 SP4
0.6.22-5.6.1
fixed
suse enterprise sap 15 SP5
0.6.22-5.6.1
fixed
suse enterprise sap 15 SP6
0.6.22-5.6.1
fixed
suse enterprise sap 15 SP7
0.6.22-5.6.1
fixed
suse enterprise server 15
0.6.21-3.16
fixed
suse enterprise server 15 SP1
0.6.22-5.6.1
fixed
suse enterprise server 15 SP2
0.6.22-5.6.1
fixed
suse enterprise server 15 SP3
0.6.22-5.6.1
fixed
suse enterprise server 15 SP4
0.6.22-5.6.1
fixed
suse enterprise server 15 SP5
0.6.22-5.6.1
fixed
suse enterprise server 15 SP6
0.6.22-5.6.1
fixed
suse enterprise server 15 SP7
0.6.22-5.6.1
fixed
libexif12
suse enterprise desktop 15
0.6.21-3.16
fixed
suse enterprise desktop 15 SP1
0.6.22-5.6.1
fixed
suse enterprise desktop 15 SP2
0.6.22-5.6.1
fixed
suse enterprise desktop 15 SP3
0.6.22-5.6.1
fixed
suse enterprise desktop 15 SP4
0.6.22-5.6.1
fixed
suse enterprise desktop 15 SP5
0.6.22-5.6.1
fixed
suse enterprise desktop 15 SP6
0.6.22-5.6.1
fixed
suse enterprise desktop 15 SP7
0.6.22-5.6.1
fixed
suse enterprise sap 12 SP1
0.6.22-8.9.1
fixed
suse enterprise sap 12 SP2
0.6.22-8.9.1
fixed
suse enterprise sap 12 SP3
0.6.22-8.9.1
fixed
suse enterprise sap 12 SP4
0.6.22-8.9.1
fixed
suse enterprise sap 12 SP5
0.6.22-8.9.1
fixed
suse enterprise sap 15
0.6.21-3.16
fixed
suse enterprise sap 15 SP1
0.6.22-5.6.1
fixed
suse enterprise sap 15 SP2
0.6.22-5.6.1
fixed
suse enterprise sap 15 SP3
0.6.22-5.6.1
fixed
suse enterprise sap 15 SP4
0.6.22-5.6.1
fixed
suse enterprise sap 15 SP5
0.6.22-5.6.1
fixed
suse enterprise sap 15 SP6
0.6.22-5.6.1
fixed
suse enterprise sap 15 SP7
0.6.22-5.6.1
fixed
suse enterprise server 12 SP1
0.6.22-8.9.1
fixed
suse enterprise server 12 SP2
0.6.21-8.3.1
fixed
suse enterprise server 12 SP3
0.6.22-8.9.1
fixed
suse enterprise server 12 SP4
0.6.22-8.9.1
fixed
suse enterprise server 12 SP5
0.6.22-8.9.1
fixed
suse enterprise server 15
0.6.21-3.16
fixed
suse enterprise server 15 SP1
0.6.22-5.6.1
fixed
suse enterprise server 15 SP2
0.6.22-5.6.1
fixed
suse enterprise server 15 SP3
0.6.22-5.6.1
fixed
suse enterprise server 15 SP4
0.6.22-5.6.1
fixed
suse enterprise server 15 SP5
0.6.22-5.6.1
fixed
suse enterprise server 15 SP6
0.6.22-5.6.1
fixed
suse enterprise server 15 SP7
0.6.22-5.6.1
fixed
libexif12-32bit
suse enterprise sap 12 SP1
0.6.22-8.9.1
fixed
suse enterprise sap 12 SP2
0.6.22-8.9.1
fixed
suse enterprise sap 12 SP3
0.6.22-8.9.1
fixed
suse enterprise sap 12 SP4
0.6.22-8.9.1
fixed
suse enterprise sap 12 SP5
0.6.22-8.9.1
fixed
suse enterprise server 12 SP1
0.6.22-8.9.1
fixed
suse enterprise server 12 SP2
0.6.21-8.3.1
fixed
suse enterprise server 12 SP3
0.6.22-8.9.1
fixed
suse enterprise server 12 SP4
0.6.22-8.9.1
fixed
suse enterprise server 12 SP5
0.6.22-8.9.1
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
https://sourceforge.net/p/libexif/bugs/130/
https://usn.ubuntu.com/4277-1/
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
https://sourceforge.net/p/libexif/bugs/130/
https://usn.ubuntu.com/4277-1/