|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for libexif (DLA-2222-1)|
|Summary:||The remote host is missing an update for the 'libexif' package(s) announced via the DLA-2222-1 advisory.|
Various minor vulnerabilities have been addressed in libexif, a library to
parse EXIF metadata files.
This issue had already been addressed via DLA-2214-1. However, upstream
provided an updated patch, so this has been followed up on.
Several buffer over-reads in EXIF MakerNote handling could have led
to information disclosure and crashes. This issue is different from
the already resolved CVE-2020-0093.
Use of uninitialized memory in EXIF MakerNote handling could have
led to crashes and potential use-after-free conditions.
An unrestricted size in handling Canon EXIF MakerNote data could have
led to consumption of large amounts of compute time for decoding
'libexif' package(s) on Debian Linux.
For Debian 8 'Jessie', these problems have been fixed in version
We recommend that you upgrade your libexif packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-0093
SuSE Security Announcement: openSUSE-SU-2020:0793
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|