Multiple vulnerabilities in libexif library



Published: 2020-05-22 | Updated: 2020-06-17
Risk High
Patch available YES
Number of vulnerabilities 9
CVE-ID CVE-2020-13113
CVE-2020-13112
CVE-2020-13114
CVE-2018-20030
CVE-2019-9278
CVE-2016-6328
CVE-2017-7544
CVE-2020-0093
CVE-2020-12767
CWE-ID CWE-476
CWE-125
CWE-119
CWE-674
CWE-190
CWE-369
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
libexif
Universal components / Libraries / Libraries used by multiple products

Vendor libexif.sourceforge.net

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

Updated: 17.06.2020

Added vulnerabilities #4-9.

1) NULL pointer dereference

EUVDB-ID: #VU28182

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13113

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in EXIF Makernote handling. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libexif: 0.6.9 - 0.6.21


CPE2.3 External links

http://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU28183

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13112

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in EXIF MakerNote handling. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system or cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libexif: 0.6.9 - 0.6.21


CPE2.3 External links

http://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU28184

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13114

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when handling Canon EXIF MakerNote data. A remote attacker can send a specially crafted file, trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libexif: 0.6.9 - 0.6.21


CPE2.3 External links

http://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Uncontrolled Recursion

EUVDB-ID: #VU29107

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20030

CWE-ID: CWE-674 - Uncontrolled Recursion

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to recursion issue when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif. A remote attacker can pass specially crafted data to the application and exhaust all available CPU resources.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libexif: 0.6.9 - 0.6.21


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
http://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU29108

Risk: High

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9278

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libexif: 0.6.9 - 0.6.21


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
http://www.openwall.com/lists/oss-security/2019/10/25/17
http://www.openwall.com/lists/oss-security/2019/10/27/1
http://www.openwall.com/lists/oss-security/2019/11/07/1
http://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566
http://github.com/libexif/libexif/issues/26
http://lists.debian.org/debian-lts-announce/2020/02/msg00007.html
http://seclists.org/bugtraq/2020/Feb/9
http://source.android.com/security/bulletin/android-10
http://usn.ubuntu.com/4277-1/
http://www.debian.org/security/2020/dsa-4618

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Integer overflow

EUVDB-ID: #VU29109

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-6328

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when parsing the MNOTE entry data of the input file. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libexif: 0.6.9 - 0.6.21


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328
http://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
http://usn.ubuntu.com/4277-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU29110

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7544

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper length computation of the allocated data of an ExifMnote entry within the exif_data_save_data_entry() function in libexif/exif-data.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libexif: 0.5 - 0.6.21


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
http://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
http://sourceforge.net/p/libexif/bugs/130/
http://usn.ubuntu.com/4277-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU28271

Risk: Low

CVSSv3.1: 4.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0093

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a missing bounds check in "exif_data_save_data_entry" of "exif-data.c" file within the Media framework functionality. A local user can trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

libexif: 0.5 - 0.6.21


CPE2.3 External links

http://github.com/libexif/libexif/releases/tag/libexif-0_6_22-release

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Division by zero

EUVDB-ID: #VU28005

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12767

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to division by zero error in "exif_entry_get_value" in the "exif-entry.c" file. A local user can cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

libexif: 0.6.21


CPE2.3 External links

http://github.com/libexif/libexif/issues/31
http://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
http://usn.ubuntu.com/4358-1/
http://github.com/libexif/libexif/releases/tag/libexif-0_6_22-release

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###