UbuntuUpdates.org

Package "libexif12"

Name: libexif12

Description:

library to parse EXIF files

Latest version: 0.6.21-2ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: main
Head package: libexif
Homepage: http://libexif.sourceforge.net/

Links

Save this URL for the latest version of "libexif12": https://www.ubuntuupdates.org/libexif12


Download "libexif12"


Other versions of "libexif12" in Xenial

Repository Area Version
base main 0.6.21-2
updates main 0.6.21-2ubuntu0.1

Changelog

Version: 0.6.21-2ubuntu0.1 2020-02-11 19:06:34 UTC

  libexif (0.6.21-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2016-6328.patch: fix int overflow while parsing
      MNOTE entry data of the input file in
      libexif/pentax/mnote-pentax-entry.c
    - CVE-2016-6328
  * SECURITY UPDATE: Out-bouns heap read and denial of service
    - debian/patches/CVE-2017-7544.patch: fixes out-of-bounds heap read
      in exif_data_save_data_entry function in libexif/exif-data.c.
    - CVE-2017-7544
  * SECURITY UPDATE: Out of bounds write
    - debian/patches/CVE-2019-9278.patch: avoid the use of unsafe int overflow
      checking constructs and check for the actual sizes to avoid integer
      overflows in libexif/exif-data.c.
    - CVE-2019-9278

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 11 Feb 2020 09:10:54 -0300

CVE-2016-6328 A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS)
CVE-2017-7544 libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by
CVE-2019-9278 In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media conten



About   -   Send Feedback to @ubuntu_updates