Package "libexif-dev"
Name: |
libexif-dev
|
Description: |
library to parse EXIF files (development files)
|
Latest version: |
0.6.21-4ubuntu0.6 |
Release: |
bionic (18.04) |
Level: |
security |
Repository: |
main |
Head package: |
libexif |
Homepage: |
http://libexif.sourceforge.net/ |
Links
Download "libexif-dev"
Other versions of "libexif-dev" in Bionic
Changelog
libexif (0.6.21-4ubuntu0.6) bionic-security; urgency=medium
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2020-0452.patch: fixed a incorrect overflow check that could be
optimized away in libexif/exif-entry.c.
- CVE-2020-0452
-- <email address hidden> (Leonidas S. Barbosa) Fri, 06 Nov 2020 12:07:28 -0300
|
Source diff to previous version |
|
libexif (0.6.21-4ubuntu0.5) bionic-security; urgency=medium
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2020-0093.patch: fix read
buffer overflow making sure the number of bytes being
copied from does not exceed the source buffer size in
libexif/exif-data.c.
- CVE-2020-0093
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2020-13112.patch: fix MakerNote tag size
overflow check for a size overflow while reading tags in
libexif/canon/exif-mnote-data-canon.c,
libexif/fuji/exif/mnote-data-fuji.c,
libexif/olympus/exif-mnote-data-olympus.c,
libexif/pentax/exif-mnote-data-pentax.c.
- CVE-2020-13112
* SECURITY UPDATE: Possibly crash and potential use-after-free
- debian/patches/CVE-2020-13113.patch: ensures that an uninitialized
pointer is not dereferenced later in the case where the number of
components is 0 in libexif/canon/exif-mnote-data-canon.c,
libexif/fuji/exif-mnote-data-fuji.c,
libexif/olympus/exif-mnote-data-olympus.c,
libexif/pentax/exif-mnote-data-pentax.
- CVE-2020-13113
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-13114.patch: add a failsafe on the
maximum number of Canon MakerNote subtags in
libexif/canon/exif-mnote-data-canon.c.
- CVE-2020-13114
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2020-0182.patch: fix a buffer read
overflow in exif_entry_get_value in libexif/exif-entry.c.
- CVE-2020-0182
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2020-0198.patch: fix unsigned integer overflow
in libexif/exif-data.c.
- CVE-2020-0198
-- <email address hidden> (Leonidas S. Barbosa) Mon, 08 Jun 2020 13:31:12 -0300
|
Source diff to previous version |
CVE-2020-0093 |
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local informati |
CVE-2020-13112 |
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crash |
CVE-2020-13113 |
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-afte |
CVE-2020-13114 |
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amoun |
CVE-2020-0182 |
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information d |
CVE-2020-0198 |
In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of servic |
|
libexif (0.6.21-4ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20030.patch: improve deep recursion detection
in exif_data_load_data_content in libexif/exif-data.c.
- CVE-2018-20030
* SECURITY UPDATE: Divinding by zero vulnerability
- debian/patches/CVE-2020-12767.patch: check if d variable is not zeroed
before use it in libexif/exif-entry.c
- CVE-2020-12767
-- <email address hidden> (Leonidas S. Barbosa) Mon, 11 May 2020 13:39:03 -0300
|
Source diff to previous version |
CVE-2018-20030 |
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU |
CVE-2020-12767 |
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. |
|
libexif (0.6.21-4ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Out of bounds write
- debian/patches/CVE-2019-9278.patch: avoid the use of unsafe int overflow
checking constructs and check for the actual sizes to avoid integer
overflows in libexif/exif-data.c.
- CVE-2019-9278
-- <email address hidden> (Leonidas S. Barbosa) Tue, 11 Feb 2020 09:15:03 -0300
|
CVE-2019-9278 |
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media conten |
|
About
-
Send Feedback to @ubuntu_updates