CVE-2020-13114 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Affected Products (NVD)

Vendor	Product	Version
libexif_project	libexif	𝑥 < 0.6.22
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
canonical	ubuntu_linux	20.04
opensuse	leap	15.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libexif

bookworm	0.6.24-1 fixed
bullseye	0.6.22-3 fixed
sid	0.6.24-1 fixed
trixie	0.6.24-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libexif

bionic	Fixed 0.6.21-4ubuntu0.5 released
eoan	Fixed 0.6.21-5.1ubuntu0.5 released
focal	Fixed 0.6.21-6ubuntu0.3 released
trusty	Fixed 0.6.21-1ubuntu1+esm5 released
xenial	Fixed 0.6.21-2ubuntu0.5 released

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html

https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab

https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html

https://security.gentoo.org/glsa/202007-05

https://usn.ubuntu.com/4396-1/

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html

https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab

https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html

https://security.gentoo.org/glsa/202007-05

https://usn.ubuntu.com/4396-1/